3) Security Vulnerabilities

= Definition: =
 * **A security vulnerability is a weakness in software that allows unwanted activity or a malicious exploit inside the operating system on a computer; it is a weakness that allows an attacker to reduce a system's assurance.**

= Classification: =
 * ** Hardware: Susceptibility to humidity, dust, unprotected storage, etc. **
 * ** Software: Insufficient testing, lack of audit trail. **
 * ** Network: Insecure network architecture, unprotected communication lines. **
 * ** Personnel: Poor recruiting and awareness processes. **
 * ** Site: Unreliable power source, location subject to flood. **
 * ** Organizational: Inadequate regular audit, lack of continuity and/or security plans. **

= Causes: =
 * **__//Complexity://__ Large, complex systems increase the probability of flaws and unintended access points.**
 * **__//Familiarity://__ Using common code, software, operating systems, and/or hardware increases the probability that an attacker has the knowledge, and can find the tool(s), to exploit the flaw.**
 * **__//Connectivity://__ More physical connections, privileges, ports, protocols, and services, and the longer each of those is accessible, increase vulnerability.**
 * **__//Password management://__ Using passwords that could be easily discovered, storing the password on the computer where a program can access it, and reusing passwords between many programs and websites all increase the security vulnerability.**
 * **__//OS design://__ An OS with policies such as default permit grants every program and every user full access to the entire computer. This allows viruses and malware to execute commands on behalf of the administrator.**
 * **__//Internet Browsing://__ Some internet websites may contain harmful spyware or adware that can be installed automatically on computer systems. After visiting those websites, the computer systems become infected, and personal information is collected and passed on to third-party individuals.**

= Vulnerability Levels: =
 * **In terms of severity, vulnerabilities can be categorized, based on the security risk associated with their exploitation, into potential vulnerability and information gathered severity levels.**


 * **To see another categorization system for vulnerability, please take a look at the link below:**
 * https://qualysapi.qualys.eu/qwebhelp/fo_help/knowledgebase/vulnerability_levels.htm

= How Does it Happen? =
 * **To exploit a vulnerability, a hacker must have at least one applicable tool or technique that can connect to a system weakness.**


 * **Vulnerability can be seen as the intersection of three elements:**
 * 1) ** A system flaw. **
 * 2) ** Attacker access to the flaw. **
 * 3) ** Attacker capability to exploit the flaw. **


 * **Take a look at the top 10 most common software vulnerabilities found on users’ computers in 2010.**

= Vulnerability Management & Assessment: =




 * **For vulnerability management and assessment, please visit:**
 * ** DDDR Security Vulnerability Assessment. **
 * **A Vulnerability Assessment Methodology for Critical Infrastructure Facilities. **
 * ** Editing vulnerability **


 * **Also, the file below is a detailed guide for Vulnerability Assessment Standards and Procedures, provided by Harvard University Information Technology - IT Security.**


 * **This guide illustrates, in depth, the vulnerability concept as follows:**