
Vulnerability analysis

To perform vulnerability analysis, we use a range of pentesting tools that help us identify vulnerabilities in exposed applications and services. Beyond the tools, you must be able to perform these tasks manually, understand their underlying principles, disassemble and analyze code, and write exploits to gain access to a network or system.

After that, all detected service vulnerabilities must be categorized and analyzed based on their impact or the attack vector they involve.

Vulnerability types

The following defines four types of vulnerabilities:

  • Network vulnerabilities are the result of insecure operating systems and network architecture. This includes flaws in servers and hosts, misconfigured wireless network access points and firewalls, as well as insecure network protocols.

  • Hardware vulnerabilities are exploitable weaknesses in computer hardware. Some examples include the Spectre and Meltdown vulnerabilities found in processors manufactured by Intel, ARM, and AMD. They affect almost all systems, including desktop computers, laptops, servers, and smartphones.

  • Software and application vulnerabilities include coding errors or cases where software responds to certain requests in an unintended way. They include vulnerabilities such as CSRF (cross-site request forgery) and XSS (cross-site scripting).

  • Zero-day vulnerabilities are security flaws that have been discovered by attackers but are unknown to software vendors and therefore have not yet been patched. The term refers to the number of days the vendor has had to fix the vulnerability.