Vulnerabilities Glossary
What Is an Attack Surface Analysis?
An attack surface analysis is a systematic process of identifying, classifying, and evaluating vulnerabilities in an organization's IT infrastructure. The goal of an attack surface analysis is to help security teams thoroughly examine their attack surface and prioritize security efforts to mitigate the most critical risks first.
Security teams conduct attack surface analyses on both external and internal systems to get a complete picture of their attack surface. External attack surface analysis focuses on discovering vulnerabilities that attackers can exploit from outside the organization. In contrast, internal attack surface analysis identifies weaknesses that threat actors can exploit if they already have access to the organization's network.
What is the BlueKeep Exploit?
The BlueKeep exploit is a tool threat actors can use to take advantage of a bug in Microsoft’s Remote Desktop Protocol (RDP) implementation. For the less initiated, RDP is a Microsoft operating system (OS) feature that allows users to establish remote connections from one computer to another via a user-friendly interface.
Using BlueKeep, attackers can take full control of a target server, allowing them to do anything they want with it.
What is Broken Access Control?
Broken access control is a failure in implementing an access control policy that allows users to bypass the limitations set for their access. For example, the vulnerability enables a rank-and-file accounting staff member to obtain administrative access beyond their authority.
Broken access control also allows a user to access resources meant for another user. For instance, Employee A can view Employee B’s payroll records. The vulnerability becomes dangerous in the hands of threat actors. They can reset passwords, access and retrieve financial and other administrative records, and take control of the organization’s websites and applications.
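The Employee A / Employee B case above as an added example (not code from the original page): a payroll lookup that trusts the requested record id, beside the same lookup with an ownership-or-admin check. The record data, user ids and roles are constructed for illustration.

```python
# Added example: an insecure direct object reference on a payroll endpoint,
# beside the access check that closes it. All data below is constructed.

# Constructed payroll records keyed by record id; "owner" is the employee
# the record belongs to.
PAYROLL = {
    "emp-a": {"owner": "emp-a", "salary": 52000},
    "emp-b": {"owner": "emp-b", "salary": 61000},
}
# Constructed role table: only payroll administrators may read any record.
ROLES = {"emp-a": "staff", "emp-b": "staff", "admin-1": "payroll_admin"}


class AccessDenied(Exception):
    """Raised when the caller is not authorised to read a record."""


def get_payroll_vulnerable(session_user: str, record_id: str) -> dict:
    """Broken access control: the record id comes straight from the request
    and nothing checks that session_user may read it, so Employee A can
    fetch Employee B's record simply by asking for it."""
    return PAYROLL[record_id]


def can_read(session_user: str, record_id: str) -> bool:
    """Authorisation rule: the record's owner or a payroll admin may read it.
    A missing record is treated exactly like a forbidden one, so the error
    path does not reveal which ids exist."""
    record = PAYROLL.get(record_id)
    if record is None:
        return False
    return record["owner"] == session_user or ROLES.get(session_user) == "payroll_admin"


def get_payroll_fixed(session_user: str, record_id: str) -> dict:
    """Hardened lookup: enforce the rule on every access and fail closed."""
    if not can_read(session_user, record_id):
        raise AccessDenied(f"{session_user} may not read {record_id}")
    return PAYROLL[record_id]


if __name__ == "__main__":
    print(get_payroll_vulnerable("emp-a", "emp-b"))  # leaks B's record to A
    try:
        get_payroll_fixed("emp-a", "emp-b")
    except AccessDenied as exc:
        print("denied:", exc)
```

The check belongs server-side on every request; hiding the link in the UI or relying on the id being hard to guess is not access control.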
What is Broken Authentication?
Broken authentication is a term describing multiple vulnerabilities threat actors exploit to impersonate legitimate users online. It refers to weaknesses in session and credential management. Attackers can use both to mimic an authorized user using hijacked session IDs or stolen login credentials.
You can compare broken authentication to two real-world scenarios. First, hijacking a session ID can be likened to thieves waiting for you to open the door to your house and forcing their way in when you do. Second, stealing login credentials is comparable to thieves stealing your house keys from your bag while you’re in a cafe. Either way, they get an opportunity to break into your home by preying on your weakness, whether that is fear of being harmed or simply being caught unaware.
What is a Business Logic Vulnerability?
A business logic vulnerability is a defect in an application’s design and implementation that gives attackers the ability to make it behave in unintended ways. As such, threat actors can manipulate legitimate functionality to achieve malicious goals.
A business logic vulnerability generally occurs when developers fail to anticipate unusual application states. The application then has no built-in failsafe for those states, so it may crash or be compromised.
What is the EternalBlue Exploit?
EternalBlue is a vulnerability exploit created by the National Security Agency (NSA) that landed in threat actors’ hands when the hacker group Shadow Brokers leaked it on 14 April 2017.
EternalBlue made huge waves because it was used in the now-infamous WannaCry and NotPetya attacks after the exploit was leaked. The two attacks remain the most devastating ransomware campaigns to date.
What is Insecure Cryptographic Storage?
Insecure cryptographic storage refers to the weakness in the way applications store and secure sensitive data. It is among the most common vulnerabilities in applications, falling under Cryptographic Failures, one of the top 10 web application security risks identified by the Open Web Application Security Project (OWASP).
Insecure cryptographic storage occurs when the wrong data is encrypted or the encryption algorithm used is outdated and insecure. Failing to use industry-standard encryption also falls under this vulnerability.
When threat actors exploit this vulnerability, they can access sensitive user data, such as passwords, credit card numbers, bank account numbers, phone numbers, and email addresses.
What is Insecure Deserialization?
Insecure deserialization is a vulnerability that occurs when user-controllable data is deserialized by a website. Deserialization is the process of extracting data from files, networks, or streams and rebuilding it as objects. It allows a website to interact with the user faster.
Insecure deserialization can allow attackers to manipulate serialized objects so that harmful data is injected into the application code, turning it malicious.
What is an RCE Vulnerability?
A remote code execution (RCE) vulnerability is a bug that threat actors can exploit by injecting user-controlled input into a file or string that the target program’s parser will execute. The web application’s developer, of course, never intended their creation to do what the attacker aims for.
An RCE vulnerability allows attackers to fully compromise the vulnerable web application and its server. Note that almost all programming languages have code execution functions, making the bug a critical issue.
What is the SSL POODLE Vulnerability?
The SSL POODLE vulnerability allows an attacker to eavesdrop on SSL 3.0-encrypted communication. POODLE is short for “Padding Oracle on Downgraded Legacy Encryption.” It is widely known as the bug that brought SSL usage to its end. The POODLE vulnerability does not affect Transport Layer Security (TLS), SSL’s successor, which was released in 1999.
While the advent of TLS should’ve ended woes related to the SSL POODLE vulnerability, that is not the case. Statistics from 2021 revealed that 46 million websites still use SSL, which means they could still be vulnerable.
What is Vulnerability Assessment?
A vulnerability assessment refers to performing a systematic review of the security gaps in an information system (IS). It determines if a system is vulnerable to any known exploits, assigns a severity level to each vulnerability, and recommends the necessary remediation or mitigation steps.
You can compare a vulnerability assessment to the set of rigorous tests applied to software during development to ensure attackers can’t compromise it and the computers it will get installed on.
What is XML External Entity?
XML external entity, or XXE, is a web vulnerability that enables threat actors to interfere with an application’s XML data processing. XML stands for “Extensible Markup Language,” a plaintext file format for storing and transporting data over the Internet.
An e-commerce platform, for example, may use XML to define product listings and specify each product’s description, price, and shipping details. This data can be sourced from an external file, and the weakness lies there.
XML external entity attacks, also known as “XML external entity injection,” take advantage of an XML feature that allows an application to read external files. Attackers may use it to read and retrieve internal files, launch denial-of-service (DoS) attacks, perform port scanning, and carry out other dangerous exploits.
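The product-listing scenario above as an added example (not code from the original page): a guard that refuses any XML carrying a DOCTYPE or ENTITY declaration before the listing reaches the parser, which is the standard hardening against XXE. The listing documents, element names and the entity's file path are constructed for illustration.

```python
# Added example: reject DTD-bearing XML before parsing an e-commerce product
# listing. Both documents below are constructed samples.
import re
import xml.etree.ElementTree as ET

# Constructed: a benign product listing of the kind the page describes.
BENIGN_LISTING = """<?xml version="1.0"?>
<products>
  <product><name>Kettle</name><price>29.99</price><shipping>2-day</shipping></product>
</products>"""

# Constructed: the same listing carrying a DTD that declares an external
# entity. This is the shape of an XXE payload: the entity points at a file,
# and the parser would substitute the file's contents into <name>.
XXE_LISTING = """<?xml version="1.0"?>
<!DOCTYPE products [<!ENTITY ext SYSTEM "file:///PLACEHOLDER/internal/file">]>
<products><product><name>&ext;</name></product></products>"""

# The application never needs a DTD for its own listings, so any DOCTYPE
# (and therefore any ENTITY declaration, internal or external) is refused.
_DOCTYPE = re.compile(r"<!DOCTYPE", re.IGNORECASE)
_ENTITY = re.compile(r"<!ENTITY", re.IGNORECASE)


class UnsafeXML(ValueError):
    """Raised when the document contains constructs that enable XXE."""


def contains_dtd(xml_text: str) -> bool:
    """True if the document declares a DOCTYPE or an entity. Matching the
    raw text also catches a DOCTYPE inside a comment; that is a false
    positive we accept, because the guard fails closed."""
    return bool(_DOCTYPE.search(xml_text) or _ENTITY.search(xml_text))


def parse_listing(xml_text: str) -> list:
    """Refuse DTD-bearing input, then parse and return one dict per product."""
    if contains_dtd(xml_text):
        raise UnsafeXML("DOCTYPE/ENTITY declarations are not accepted")
    root = ET.fromstring(xml_text)
    return [{child.tag: child.text for child in product}
            for product in root.findall("product")]


if __name__ == "__main__":
    print(parse_listing(BENIGN_LISTING))
    try:
        parse_listing(XXE_LISTING)
    except UnsafeXML as exc:
        print("rejected:", exc)
```

Where the XML library exposes the switch, disable DTD processing and external entity resolution in the parser itself (in Python, the defusedxml package wraps the standard parsers this way); the textual guard is a second layer, not a substitute.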