Once the operations of information gathering, discovery, and enumeration are complete, it is time to find vulnerabilities that might exist in the target infrastructure.
Vulnerability mapping is the process of identifying and analyzing the critical security flaws in a target environment
Types of vulnerabilities
The three main classes
- Design Vulnerabilities: weakness found in software specifications
- Implementation Vulnerabilities: technical security glitches that found in the code of the system
- Operational Vulnerabilities: rise due to failed configuration and deployment of a system in specific directions
Type of flaws
- Local vulnerability
A condition where the attacker needs local access to trigger vulnerability by executing the code known as local vulnerability
- Remote vulnerability
A condition where the attacker does not have local access but the vulnerability still can be exploited over the network.