Vulnerability

In computer security, a vulnerability is a weakness which allows an attacker to reduce a system's information assurance.
Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw.^[1] To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness. In this frame, vulnerability is also known as the attack surface.
Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities"^[2] This practice generally refers to software vulnerabilities in computing systems.
A security risk may be classified as a vulnerability. The usage of vulnerability with the same meaning of risk can lead to confusion. The risk is tied to the potential of a significant loss. Then there are vulnerabilities without risk: for example when the affected asset has no value. A vulnerability with one or more known instances of working and fully implemented attacks is classified as an exploitable vulnerability — a vulnerability for which an exploit exists. The window of vulnerability is the time from when the security hole was introduced or manifested in deployed software, to when access was removed, a security fix was available/deployed, or the attacker was disabled—see zero-day attack.
Security bug (security defect) is a narrower concept: there are vulnerabilities that are not related to software: hardware, site, personnel vulnerabilities are examples of vulnerabilities that are not software security bugs.
Constructs in programming languages that are difficult to use properly can be a large source of vulnerabilities.

Vulnerabilities are related to:

• physical environment of the system
• the personnel
• management
• administration procedures and security measures within the organization
• business operation and service delivery
• hardware
• software
• communication equipment and facilities
• and their combinations.

It is evident that a pure technical approach cannot even protect physical assets: you should have administrative procedure to let maintenance personnel to enter the facilities and people with adequate knowledge of the procedures, motivated to follow it with proper care. see Social engineering (security).
Four examples of vulnerability exploits:

• an attacker finds and uses an overflow weakness to install malware to export sensitive data;
• an attacker convinces a user to open an email message with attached malware;
• an insider copies a hardened, encrypted program onto a thumb drive and cracks it at home;
• a flood damages your computer systems installed at ground floor.

Software vulnerabilities

Common types of software flaws that lead to vulnerabilities include:

• Memory safety violations, such as:
  • Buffer overflows
  • Dangling pointers
• Input validation errors, such as:
  • Format string attacks
  • SQL injection
  • Code injection
  • E-mail injection
  • Directory traversal
  • Cross-site scripting in web applications
  • HTTP header injection
  • HTTP response splitting
• Race conditions, such as:
  • Time-of-check-to-time-of-use bugs
  • Symlink races
• Privilege-confusion bugs, such as:
  • Cross-site request forgery in web applications
  • Clickjacking
  • FTP bounce attack
• Privilege escalation
• User interface failures, such as:
  • Warning fatigue [2] or user conditioning.
  • Blaming the Victim Prompting a user to make a security decision without giving the user enough information to answer it [3]
  • Race Conditions [4] [5]

Some set of coding guidelines have been developed and a large number of static code analysers has been used to verify that the code follows the guidelines.