The term "vulnerability" represents security flaws in hardware, software, or configuration of a device or process. Vulnerability testing should be performed on an ongoing basis by the parties responsible for resolving such vulnerabilities,
The term "risk" refers to the likelihood of being targeted by a given attack, of an attack being successful, and general exposure to a given threat. As can be seen, risk occurs when both the threat and vulnerability are present.
The term "threat" refers to the source and means of a particular type of attack. A threat assessment is performed to determine the best approaches to securing a system against a particular threat, or class of threat.
Exploit: An exploit is the way or tool by which an attacker uses a vulnerability to cause damage to the target system.
War-driving is related to exploiting the vulnerabilities in wireless networks.
Tempest was the name of a classified (secret) U.S. government project to study the susceptibility of some computer and telecommunications devices to emit electromagnetic radiation (EMR) in a manner that can be used to reconstruct intelligible data. TEMPEST certification ensures that the building is shielded adequately and the EM radiations are within limits to prevent intruders from accessing the information from outside the building.
The practice of marking the buildings with unsecured wireless networks is called war-chalking. The practice of sniffing wireless networks is known as war-driving.
Race conditions: Race conditions are a vulnerability related to multithreaded applications. When a multi-threaded application does not properly handle various threads accessing a common value, this can lead to unpredictable values for that variable. This is called a race condition.
Memory/buffer vulnerability
DLL injection: DLL injection s a technique used for running code within the address space of another process by forcing it to load a dynamic-link library. DLL injection is often used by external programs to influence the behavior of another program in a way its authors did not anticipate or intend.
Buffer overflow: Buffer overflow occurs when the input is more than that allocated for that purpose. The system doesn't know what to do with the additional input, and it may result in freezing of the system, or sometimes to take control of the system by a hacker. By validating the inputs, it is possible to reduce this vulnerability to a great extent.
Shadow IT:Shadow IT is the use of information technology systems, devices, software, applications, and services without explicit IT department approval. It has grown exponentially in recent years with the adoption of cloud-based applications and services.
While shadow IT can improve employee productivity and drive innovation, it can also introduce serious security risks to your organization through data leaks, potential compliance violations, and more.
Open Source Intelligence (OSINT):Open source intelligence, sometimes called open source threat intelligence, refers to intelligence data collected from public sources. There is a wide range of public sources of information concerning current cybersecurity activity.
Dark web: The dark web is a subset of the worldwide content on the Internet that has its access restricted via specific obfuscation methods.
Insider Threats: One of the hardest threats that security professionals will have to address is that of the insider. Since employees already have access to the organization and its assets, additional mechanisms need to be in place to detect attacks by insiders and to lessen the ability of these attacks to succeed.
Vulnerability scans
It is a bit tricky question. You have the following possibilities:
Software having virus: Positive Class
Software having no virus: Negative Class
1) Software is free of virus and scan reported the same (that it doesn't have any virus): True Negative
2) Software is having virus and the scan reported the same (that it has virus): True Positive
3) Software is free of virus and scan reported that it has virus: False Positive
4) Software has virus and the scan reported it doesn't have virus: Flase Negative
What is a bit tricky is that "having virus" is considered as Positive Class. Therefore, if there is no virus, but the scan reveals a virus the it is considered as False Positive.
The same is given below in different words:
False positive: False positives are essentially events that are mistakenly flagged and are not really events to be concerned about. A false positive from a vulnerability scan indicates the scan detected a vulnerability, but the vulnerability doesn't actually exist.
False Negative: A false negative occurs if a vulnerability scanner does not report a known vulnerability. This is when the IDS identifies an activity as acceptable when the activity is actually an attack.
True Positive: True if a software contains virus and it is reported by the scan as having virus.
True Negative: True if a software doesn't contain any virus and the scan reports the same, that the software is free of any virus.
