Uploaded byLearningwithRayYT
PDF, PPTX30 views

Security concerns regarding Vulnerabilities

Vulnerabilities refer to flaws in a system that can be exploited by attackers. Software vulnerabilities are defects that allow attackers to gain control of systems by stealing or manipulating data. Zero-day vulnerabilities are unknown flaws without available patches, making them very dangerous for attackers to exploit. Vulnerability scanning tools inspect systems for vulnerabilities, while proper patch management is needed to fix bugs and remove vulnerabilities. Weak host configurations like default settings, open ports and unsecured accounts also pose threats. Supply chain risks include compromised third-party software and vulnerability in supplier systems. Strong security practices and certification are needed across all organizations and suppliers to minimize cyber attacks.

Software
Related topics:
Cyber-Security

Embed presentation

Download as PDF, PPTX
Friendly Tip: Please take notes to better remember concepts In this video we will learn about Security concerns regarding Vulnerabilities Core Cyber Security Concepts
Vulnerability : Vulnerability refers to a flaw in the system. It's a flaw that can be taken advantage of by attackers. Vulnerabilities leave the system/network open to attacks
A software vulnerability is a defect in software that could allow an attacker to gain control of a system. These defects can be because of the way the software is designed, or because of a flaw in the way that it’s coded. An attacker can exploit a software vulnerability to steal or manipulate sensitive data, join a system to a botnet, install a backdoor, or plant other types of malware. Also, after penetrating into one network host, the attacker could use that host to break into other hosts on the same network. What Can an Attacker Do with a Software Vulnerability?
A zero-day vulnerability is a flaw in a piece of software that is unknown to the programmer(s) or vendor(s) responsible for the application(s). Because the vulnerability isn’t known, there is no patch available. It's common in legacy platforms and newly introduced Operating sytems. Most often, exploits against a zero-day vulnerability are a very rarely discovered right away. It can often take days or months before these flaws are found which is what makes these types of vulnerabilities so dangerous.
Vulnerability Scanning " It's the process of inspecting systems and networks for vulnerabilities, which can be taken adantage of, to disrupt and take control of IT infrastructure " Specialized tools/softwares known as vulnerability scanners are used to help administrators find and address vulnerabilities.
Patch Management : " Patch Management involves acquiring, testing and installing patches to fix bugs and remove vulnerabilities on a computer system " -> Patch Management Tasks Maintaining accurate info of available patches Deciding which patches are appropriate based on device types Making sure that Patches are properly installed System Testing Documenting every step taken Note: improper patch management creates vulnerabilities
Weak host configurations Simply put this means weak security controls and policies that pose a threat to the host device. If the device is running on default settings without any system hardening or security controls in place, the device has weak host configurations and it's an easy target/ weak point for attackers. This includes: Weak Encryption Use of devices on Default Settings Open permissions on devices Open Ports & Services Unsecured root/admin accounts Weak internet protocols
Supply Chain Risks Poor Information Security Practices by low-tier suppliers and other third party data storage/service providers.
Supply Chain Risks Use of Compromised software/hardware Vulnerability in supplier systems
Supply Chain Countermeasures The strength of Supply chain security is only as strong as it's weakest link. All parties must be in compliance with Information security standards. Robust IT security should be setup Organizations must be certified of international standards assuring Cyber Security. To minimize the risk of Cyber attacks on Supply chain, following countermeasures should be in place:
Source: https://jfrog.com/knowledge-base/software-vulnerability/ https://www.techrepublic.com/article/what-is-a-zero-day- vulnerability/

More Related Content

PPTX
software security in information security
bymuqaddashakeel1166
 
PPT
1 (20 files merged).ppt
byseshas1
 
PDF
Zero Day Vulnerabilities: A threat to security.
bychrish87
 
DOCX
Report on Software Vulnerabilities in the financial industry
byChandrak Trivedi
 
PDF
The uncool-security-hygiene
byThiagu Haldurai
 
PPTX
Strengthening cyber resilience with Software Supply Chain Visibility
bySonatype
 
PDF
JacksonvilleJUG_CVE101.pdf
byTheresa Mammarella
 
PDF
Supply Chain Security for Developers.pdf
byssuserc5b30e
 
software security in information security
bymuqaddashakeel1166
 
1 (20 files merged).ppt
byseshas1
 
Zero Day Vulnerabilities: A threat to security.
bychrish87
 
Report on Software Vulnerabilities in the financial industry
byChandrak Trivedi
 
The uncool-security-hygiene
byThiagu Haldurai
 
Strengthening cyber resilience with Software Supply Chain Visibility
bySonatype
 
JacksonvilleJUG_CVE101.pdf
byTheresa Mammarella
 
Supply Chain Security for Developers.pdf
byssuserc5b30e
 

Similar to Security concerns regarding Vulnerabilities

PDF
CLOUD & ETHICAL HACKING INTRODUCTION PDF
byArunIsaac5
 
PDF
Cyber Security for Critical Infrastructure
byMohit Rampal
 
PPTX
FALCON.pptx
byAvinashRanjan80
 
PPTX
Vulnerability Assesment
byDedi Dwianto
 
PDF
The CISO Problems Risk Compliance Management in a Software Development 030420...
bylior mazor
 
PPTX
Vulnerability_Management.pptx
byShriya Rai
 
PDF
Stu w21 a
bySelectedPresentations
 
PDF
2022 Vulnerability Statistics Report.pdf
byssuserc3d7ec1
 
PDF
Edgescan 2022 Vulnerability Statistics Report
byEoin Keary
 
PPTX
Anticipate and Prevent Cyber Attack Scenarios, Before They Occur
bySkybox Security
 
PDF
Open-Source Security Management and Vulnerability Impact Assessment
byPriyanka Aash
 
PPTX
Software Bill of Materials and the Vulnerability Exploitability eXchange
byPetar Radanliev
 
PDF
5 howtomitigate
byricharddxd
 
PDF
Protecting Enterprise - An examination of bugs, major vulnerabilities and exp...
byESET Middle East
 
PDF
Cloud Security:Threats & Mitgations
byIndicThreads
 
PDF
ICS Threat Scenarios
byLuigi Auriemma
 
PDF
Four Third-Party Risk Cyber Gaps that Businesses Need to be Aware of in 2022.pdf
byEnterprise Insider
 
PDF
LonghornPHP - CVE 101.pdf
byTheresa Mammarella
 
PPTX
GIDS-2023 A New Hope for 2023? What Developers Must Learn Next
bySteve Poole
 
PPTX
A new hope for 2023? What developers must learn next
bySteve Poole
 
CLOUD & ETHICAL HACKING INTRODUCTION PDF
byArunIsaac5
 
Cyber Security for Critical Infrastructure
byMohit Rampal
 
FALCON.pptx
byAvinashRanjan80
 
Vulnerability Assesment
byDedi Dwianto
 
The CISO Problems Risk Compliance Management in a Software Development 030420...
bylior mazor
 
Vulnerability_Management.pptx
byShriya Rai
 
Stu w21 a
bySelectedPresentations
 
2022 Vulnerability Statistics Report.pdf
byssuserc3d7ec1
 
Edgescan 2022 Vulnerability Statistics Report
byEoin Keary
 
Anticipate and Prevent Cyber Attack Scenarios, Before They Occur
bySkybox Security
 
Open-Source Security Management and Vulnerability Impact Assessment
byPriyanka Aash
 
Software Bill of Materials and the Vulnerability Exploitability eXchange
byPetar Radanliev
 
5 howtomitigate
byricharddxd
 
Protecting Enterprise - An examination of bugs, major vulnerabilities and exp...
byESET Middle East
 
Cloud Security:Threats & Mitgations
byIndicThreads
 
ICS Threat Scenarios
byLuigi Auriemma
 
Four Third-Party Risk Cyber Gaps that Businesses Need to be Aware of in 2022.pdf
byEnterprise Insider
 
LonghornPHP - CVE 101.pdf
byTheresa Mammarella
 
GIDS-2023 A New Hope for 2023? What Developers Must Learn Next
bySteve Poole
 
A new hope for 2023? What developers must learn next
bySteve Poole
 

More from LearningwithRayYT

PDF
Vulnerability Scanning Techniques and Vulnerability scores & exposures
byLearningwithRayYT
 
PDF
Malware and Types of malwares.pdf
byLearningwithRayYT
 
PDF
Types of Threat Actors and Attack Vectors
byLearningwithRayYT
 
PDF
Application Attacks & Application Layer Attacks
byLearningwithRayYT
 
PDF
Threat Intelligence & Threat research Sources
byLearningwithRayYT
 
PDF
Compare and Contrast Security Controls and Framework Types
byLearningwithRayYT
 
PDF
Contrast & Compare & Contrast Information Security Roles
byLearningwithRayYT
 
PDF
Identity Management Controls.pdf
byLearningwithRayYT
 
PDF
Commands used in Assessing Network layout & Security
byLearningwithRayYT
 
PDF
Implementing Account Policies & Authorization Solutions
byLearningwithRayYT
 
PDF
Social Engineering Attacks & Principles
byLearningwithRayYT
 
Vulnerability Scanning Techniques and Vulnerability scores & exposures
byLearningwithRayYT
 
Malware and Types of malwares.pdf
byLearningwithRayYT
 
Types of Threat Actors and Attack Vectors
byLearningwithRayYT
 
Application Attacks & Application Layer Attacks
byLearningwithRayYT
 
Threat Intelligence & Threat research Sources
byLearningwithRayYT
 
Compare and Contrast Security Controls and Framework Types
byLearningwithRayYT
 
Contrast & Compare & Contrast Information Security Roles
byLearningwithRayYT
 
Identity Management Controls.pdf
byLearningwithRayYT
 
Commands used in Assessing Network layout & Security
byLearningwithRayYT
 
Implementing Account Policies & Authorization Solutions
byLearningwithRayYT
 
Social Engineering Attacks & Principles
byLearningwithRayYT
 

Recently uploaded

PDF
Enterprise Software’s Role in Data-Driven Decisions
byShiv Technolabs Pvt. Ltd.
 
PPTX
Feasibility Analysis in System Development Using Data Flow Diagrams
byM Munim
 
PDF
Shaping Your 2026 Testing Strategy | Applitools Product Pulse - January 2026
byApplitools
 
PPTX
NetworkMediaWireless (1).pptxunsnsndjdjdjjdnd
byre7022
 
PDF
Software Development Life Cycle (SDLC).pdf
byflutterlyuser
 
PPTX
Architectural Styles in Software Engineering
byM Munim
 
PPTX
Performance Engineering: New and Conflicting Trends
byAlexander Podelko
 
PDF
Salesforce Data Migration Services.pdf
byRobert Mark
 
PDF
Princeton 2026: Tools That Help You
 Write Better Code
byHenry Schreiner
 
PDF
Hack&Verse Kick-off and infor session Event ppt
bysanidhyasahu1120
 
PDF
Princeton RSE: What's new in Python π (3.14)
byHenry Schreiner
 
PDF
IT Estate Modernization Solutions for Cloud-Ready Businesses.pdf
byAstuteBusiness
 
PDF
Incident Management Roles & Responsibilities.pdf
byTaskCall
 
PPTX
ONLINE TRAVEL BUSINESS SOFTWARE | BUSINESS TRAVEL SOFTWARE
byphilipnathen82
 
PPTX
Instrumentation.Instrumentation.Instrumentation.pptx
byDavid Kurtz
 
PPTX
Free AI Paraphrasing Tool to Rewrite Sentences – SENTENCIFY
bySENTENCIFY
 
PDF
Princeton RSE: Python Histograms as objects
byHenry Schreiner
 
PDF
our environment ppt made by many people name rarang yadav
byrarang180
 
PPTX
Project System Presentation details process presentation
bytejpratappandey4
 
PDF
Cybernetic Global Intelligence Securing Businesses in a Digital-First World.pdf
byCybernetic Global Intelligence
 
Enterprise Software’s Role in Data-Driven Decisions
byShiv Technolabs Pvt. Ltd.
 
Feasibility Analysis in System Development Using Data Flow Diagrams
byM Munim
 
Shaping Your 2026 Testing Strategy | Applitools Product Pulse - January 2026
byApplitools
 
NetworkMediaWireless (1).pptxunsnsndjdjdjjdnd
byre7022
 
Software Development Life Cycle (SDLC).pdf
byflutterlyuser
 
Architectural Styles in Software Engineering
byM Munim
 
Performance Engineering: New and Conflicting Trends
byAlexander Podelko
 
Salesforce Data Migration Services.pdf
byRobert Mark
 
Princeton 2026: Tools That Help You
 Write Better Code
byHenry Schreiner
 
Hack&Verse Kick-off and infor session Event ppt
bysanidhyasahu1120
 
Princeton RSE: What's new in Python π (3.14)
byHenry Schreiner
 
IT Estate Modernization Solutions for Cloud-Ready Businesses.pdf
byAstuteBusiness
 
Incident Management Roles & Responsibilities.pdf
byTaskCall
 
ONLINE TRAVEL BUSINESS SOFTWARE | BUSINESS TRAVEL SOFTWARE
byphilipnathen82
 
Instrumentation.Instrumentation.Instrumentation.pptx
byDavid Kurtz
 
Free AI Paraphrasing Tool to Rewrite Sentences – SENTENCIFY
bySENTENCIFY
 
Princeton RSE: Python Histograms as objects
byHenry Schreiner
 
our environment ppt made by many people name rarang yadav
byrarang180
 
Project System Presentation details process presentation
bytejpratappandey4
 
Cybernetic Global Intelligence Securing Businesses in a Digital-First World.pdf
byCybernetic Global Intelligence
 

Security concerns regarding Vulnerabilities

  • 1.
    Friendly Tip: Pleasetake notes to better remember concepts In this video we will learn about Security concerns regarding Vulnerabilities Core Cyber Security Concepts
  • 2.
    Vulnerability : Vulnerability refersto a flaw in the system. It's a flaw that can be taken advantage of by attackers. Vulnerabilities leave the system/network open to attacks
  • 3.
    A software vulnerabilityis a defect in software that could allow an attacker to gain control of a system. These defects can be because of the way the software is designed, or because of a flaw in the way that it’s coded. An attacker can exploit a software vulnerability to steal or manipulate sensitive data, join a system to a botnet, install a backdoor, or plant other types of malware. Also, after penetrating into one network host, the attacker could use that host to break into other hosts on the same network. What Can an Attacker Do with a Software Vulnerability?
  • 4.
    A zero-day vulnerabilityis a flaw in a piece of software that is unknown to the programmer(s) or vendor(s) responsible for the application(s). Because the vulnerability isn’t known, there is no patch available. It's common in legacy platforms and newly introduced Operating sytems. Most often, exploits against a zero-day vulnerability are a very rarely discovered right away. It can often take days or months before these flaws are found which is what makes these types of vulnerabilities so dangerous.
  • 5.
    Vulnerability Scanning " It'sthe process of inspecting systems and networks for vulnerabilities, which can be taken adantage of, to disrupt and take control of IT infrastructure " Specialized tools/softwares known as vulnerability scanners are used to help administrators find and address vulnerabilities.
  • 6.
    Patch Management : "Patch Management involves acquiring, testing and installing patches to fix bugs and remove vulnerabilities on a computer system " -> Patch Management Tasks Maintaining accurate info of available patches Deciding which patches are appropriate based on device types Making sure that Patches are properly installed System Testing Documenting every step taken Note: improper patch management creates vulnerabilities
  • 7.
    Weak host configurations Simplyput this means weak security controls and policies that pose a threat to the host device. If the device is running on default settings without any system hardening or security controls in place, the device has weak host configurations and it's an easy target/ weak point for attackers. This includes: Weak Encryption Use of devices on Default Settings Open permissions on devices Open Ports & Services Unsecured root/admin accounts Weak internet protocols
  • 8.
    Supply Chain Risks PoorInformation Security Practices by low-tier suppliers and other third party data storage/service providers.
  • 9.
    Supply Chain Risks Useof Compromised software/hardware Vulnerability in supplier systems
  • 10.
    Supply Chain Countermeasures Thestrength of Supply chain security is only as strong as it's weakest link. All parties must be in compliance with Information security standards. Robust IT security should be setup Organizations must be certified of international standards assuring Cyber Security. To minimize the risk of Cyber attacks on Supply chain, following countermeasures should be in place:
  • 11.