Introduction to Hacking
Vulnerability
Vulnerability is defined as a flaw or a weakness inside the asset that could be used to gain unauthorized access to it. The successful compromise of a vulnerability may result in data manipulation, privilege elevation, etc.
Threat
A threat represents a possible danger to the computer system. It represents something that an organization doesn't want to happen. A successful exploitation of a vulnerability is a threat. A threat may be a malicious hacker who is trying to gain unauthorized access to an asset.
Exploit
An exploit is something that takes advantage of a vulnerability in an asset to cause unintended or unanticipated behavior in a target system, which would allow an attacker to gain access to data or information.
Risk
A risk is defined as the impact (damage) resulting from the successful compromise of an asset. For example, an organization running a vulnerable Apache Tomcat server poses a threat to the organization, and the damage/loss that is caused to the asset is defined as a risk.
Normally, a risk can be calculated by using the following equation:
Risk = Threat * vulnerabilities * impact
What Is a Penetration Test?
A penetration test is a subclass of ethical hacking; it comprises a set of methods and procedures that aim at testing/protecting an organization's security. Penetration tests prove helpful in finding vulnerabilities in an organization and checking whether an attacker will be able to exploit them to gain unauthorized access to an asset.