Difference between revisions of "Security flaw"

From Clinfowiki
(15 intermediate revisions by one user not shown)

Latest revision as of 01:51, 7 April 2015

A security flaw is a weakness or vulnerability (http://en.wikipedia.org/wiki/Vulnerability_(computing)) in the design or implementation of an application, or in the procedures for using it, that allows an attacker to compromise the confidentiality, integrity or availability of a system.[1] A flaw can be known or unknown. For a known flaw it is usually possible to create procedures (a patch, a configuration change, a compensating control) that mitigate the weakness. For an unknown flaw, nobody may realize the weakness exists until it has been exploited. A zero-day (http://en.wikipedia.org/wiki/Zero-day_attack) vulnerability is the typical example: the flaw is not yet known to the vendor or to defenders when it is first exploited, so no fix or detection rule exists for it at that point.

Security flaws can be related to:

  • Security measures within the organization (e.g. policies that do not require dual control for sensitive actions)
  • Physical environment of the system (e.g. unrestricted access to the server room)
  • Hardware (e.g. no alternate power supply)
  • Software (e.g. a design or programming error)
  • Communication (e.g. traffic that is not encrypted)
  • Business operations (e.g. incomplete written procedures)
  • Administration procedures (e.g. too many employees with administrative authority)
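Two of the items above are procedural rather than technical: a policy that does not require dual control, and too many accounts holding administrative authority. The following Python check is an added example, not code from the Clinfowiki page; it models both flaws with a constructed account directory, an assumed limit on the number of administrators (MAX_ADMINS), and a dual-control rule under which a privileged action needs a second, independent administrator to approve it.

```python
"""Dual-control (four-eyes) and admin-count checks for privileged actions.

Added example, not from the Clinfowiki page. The account directory, the
role names and the MAX_ADMINS threshold are constructed for illustration.
"""
from dataclasses import dataclass, field

# Constructed sample directory: which roles each account holds. Not real data.
ACCOUNTS = {
    "alice": {"admin", "clinician"},
    "bob": {"admin"},
    "carol": {"admin"},
    "dave": {"admin"},
    "erin": {"clinician"},
}

# Assumed policy threshold: more administrators than this is reported as a flaw.
MAX_ADMINS = 3


@dataclass
class PrivilegedRequest:
    """A request to perform a privileged action, with the accounts that approved it."""
    requester: str
    action: str
    approvers: list = field(default_factory=list)


def admins(accounts):
    """Return the set of account names that hold the admin role."""
    return {name for name, roles in accounts.items() if "admin" in roles}


def audit_admin_count(accounts, max_admins=MAX_ADMINS):
    """Return a finding if too many accounts hold admin authority, else None."""
    holders = admins(accounts)
    if len(holders) > max_admins:
        return (f"{len(holders)} accounts hold admin authority "
                f"(policy limit {max_admins}): {sorted(holders)}")
    return None


def check_dual_control(request, accounts):
    """Authorize a privileged action only under dual control.

    Dual control here means two distinct administrators are involved: the
    requester must be an admin, and at least one other admin (not the
    requester) must have approved. Self-approval is not counted. Returns
    (allowed, reasons); the flawed policy is the one where the requester
    acts alone and this check is never made.
    """
    reasons = []
    holders = admins(accounts)
    if request.requester not in holders:
        reasons.append(f"requester {request.requester!r} lacks admin authority")
    if request.requester in request.approvers:
        reasons.append("requester approved their own action; self-approval does not count")
    independent = {a for a in request.approvers
                   if a != request.requester and a in holders}
    if not independent:
        reasons.append("no independent admin approver; a second administrator must approve")
    return (not reasons, reasons)


if __name__ == "__main__":
    print(audit_admin_count(ACCOUNTS))
    solo = PrivilegedRequest("bob", "disable audit logging", approvers=["bob"])
    print(check_dual_control(solo, ACCOUNTS))
    dual = PrivilegedRequest("bob", "disable audit logging", approvers=["carol"])
    print(check_dual_control(dual, ACCOUNTS))
```

Running it reports four administrators against a limit of three, rejects the self-approved request, and accepts the request once a second administrator has approved. In a real deployment the directory would come from the identity provider and the threshold from the written policy; the logic of the two checks does not change.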


References

  1. Definition of a Security Vulnerability. https://msdn.microsoft.com/en-us/library/cc751383.aspx