
Technical vulnerability information

Detailed description of a vulnerability to include the implementable steps (such as code) necessary to exploit that vulnerability.


Similar items:
Possibility that a particular threat will adversely impact an information system by exploiting a particular vulnerability. The likelihood that any specific threat will exploit a specific vulnerability to cause harm to an asset. Risk is an assessment of probability, possibility, or chance. Risk = threat - vulnerability. The probability that a particular security threat will exploit a particular vulnerability.
A program used to detect weaknesses within an organization. Vulnerability scans and vulnerability assessments are two common elements of a vulnerability management program. Vulnerability scans are technical scans performed regularly, and vulnerability assessments are normally combined with a risk assessment.
An attack on a system that exploits vulnerabilities that are unknown to others. Typically, it indicates that a vulnerability known to one or more attackers isn’t known to the vendor. In some cases the vendor may know about the vulnerability but hasn’t written or released a patch for the vulnerability yet.
A process used to identify vulnerabilities, or weaknesses. It can include both technical means, such as vulnerability scans, and nontechnical means, such as an evaluation or inspection of existing data on threats and vulnerabilities. Examination of information to identify the elements comprising a vulnerability. The systematic examination of systems to determine the adequacy of security measures, identify security deficiencies, and provide data from which to predict the effectiveness of proposed security measures.
1. Training
- Secure Coding Practices
- Writing Security Tests
- Provider/Platform Technical Training

2. Define
- Code Standards
- Security Functional Requirements

3. Design
- Threat Modeling
- Secure Design

4. Develop
- Code Review
- Unit Testing
- Static Analysis
- Dynamic Analysis

5. Test
- Vulnerability Assessment
- Dynamic Analysis
- Functional Tests
- QA

