Looking at the overall system, security vulnerabilities include the following aspects: 1. Human factors; 2. Technical factors; 3. Planning, strategy and execution process. A security vulnerability is an unprotected entry point inadvertently left open into a restricted computer, component, application, or other online resource.
The operating environment of this tutorial: Windows 7 system, Dell G3 computer.
Looking at the system as a whole, security "vulnerabilities" include human factors, technical factors, planning, strategy and execution processes.
A security vulnerability is an inadvertent unprotected entry point into a restricted computer, component, application or other online resource. Vulnerabilities are flaws in hardware, software, or usage strategies that expose computers to viruses and hacker attacks.
Common security vulnerabilities
Code injection. A broad class of attack, including SQL injection, that depends on code being inserted into and executed by the application.
Session fixation. This is a session attack that allows an attacker to hijack a valid user session. Session fixation attacks can modify an established session on the victim's browser, so the malicious part of the attack can be carried out before the user logs in.
Path traversal, or "directory traversal". This vulnerability is used to access files or directories stored outside the web root folder.
Weak passwords. A weak password has few characters, few digits and no special symbols. Such a password is relatively easy to crack.
Hardcoded encryption keys, which provide a false sense of security. Some believe that dispersing hardcoded passwords before storing them helps protect the information from malicious users, but much of this dispersion is a reversible process.
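For the item above about accessing files outside the web root, the following added example (not code from the original article) compares a weak string-prefix check with a containment check on the resolved path. The function names, the `www` / `www-private` directory layout and the request strings are constructed for illustration, and the symlink case assumes a POSIX system.

```python
import os
import tempfile

def naive_is_allowed(web_root, requested):
    # Weak check: collapses ".." but compares raw strings and ignores symlinks.
    candidate = os.path.normpath(os.path.join(web_root, requested))
    return candidate.startswith(web_root)

def resolve_under_root(web_root, requested):
    """Return the real path for `requested`, or raise PermissionError if it
    resolves outside `web_root`."""
    root = os.path.realpath(web_root)
    # realpath resolves "..", absolute request paths and symlinks before the check.
    candidate = os.path.realpath(os.path.join(root, requested))
    try:
        # commonpath compares whole components: /srv/www-private is not inside /srv/www.
        inside = os.path.commonpath([root, candidate]) == root
    except ValueError:  # e.g. paths on different drives on Windows
        inside = False
    if not inside:
        raise PermissionError(f"request escapes web root: {requested!r}")
    return candidate

def strict_is_allowed(web_root, requested):
    try:
        resolve_under_root(web_root, requested)
        return True
    except PermissionError:
        return False

def demo():
    """Build a throwaway tree and return {request: (naive, strict)} verdicts."""
    with tempfile.TemporaryDirectory() as base:
        base = os.path.realpath(base)
        root = os.path.join(base, "www")
        private = os.path.join(base, "www-private")  # sibling sharing the prefix
        os.makedirs(os.path.join(root, "img"))
        os.makedirs(private)
        open(os.path.join(root, "img", "logo.png"), "w").close()
        open(os.path.join(private, "secret.txt"), "w").close()
        os.symlink(private, os.path.join(root, "link"))  # symlink leaving the root
        requests = ["img/logo.png", "../www-private/secret.txt",
                    "link/secret.txt", "/etc/passwd"]  # constructed inputs
        return {r: (naive_is_allowed(root, r), strict_is_allowed(root, r))
                for r in requests}

if __name__ == "__main__":
    for request, verdict in demo().items():
        print(f"{request!r}: naive={verdict[0]} strict={verdict[1]}")
```

The naive check accepts both the sibling-directory request and the symlinked one because it compares strings rather than resolved path components; the strict check rejects everything that resolves outside the root.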
Vulnerability characteristics
Vulnerabilities are flaws in the specific implementation of hardware, software, protocols, or system security policies, which allow attackers to gain unauthorized access to the system or damage it. Specific examples include logic errors in Intel Pentium chips, programming errors in early versions of Sendmail, weaknesses in the authentication method of the NFS protocol, and improper configuration when Unix system administrators set up anonymous FTP services. All of these may be used by attackers to threaten system security, so they can be considered security vulnerabilities in the system.
The relationship between the vulnerability and the specific system environment and its time-related characteristics
Vulnerabilities affect a wide range of software and hardware, including the operating system itself and its supporting software, network client and server software, network routers and security firewalls. In other words, different security vulnerabilities may exist in each of these software and hardware devices. Different types of software and hardware devices, different versions of the same device, different systems composed of different devices, and the same system under different settings will each have different security vulnerabilities.
The vulnerability issue is closely related to time. From the day a system is released, as users use it in depth, the vulnerabilities in the system are continuously exposed. Vulnerabilities discovered earlier are in turn continuously fixed by patches released by the system supplier, or corrected in later versions of the system. While a new version of the system corrects the loopholes in the old version, it also introduces some new loopholes and errors. Therefore, as time goes by, old vulnerabilities continue to disappear and new vulnerabilities continue to appear, and the vulnerability problem persists for a long time.
Therefore, it is meaningless to discuss vulnerability issues without a specific time and a specific system environment. Possible vulnerabilities and possible solutions can only be discussed in detail based on the actual environment, such as the operating system version of the target system, the versions of the software running on it, and the settings of the services it runs.
At the same time, it should be noted that research on vulnerability issues must track the latest developments in computer systems and their security issues. This is similar to the study of the development of computer viruses. If you cannot keep track of new technologies in your work, you will have no say when talking about system security vulnerabilities, and even the work you have done before will gradually lose value.