Exploits vs vulnerabilities


Let’s take a moment to reflect on the past year, in which a lot was thrown at us, both as people and in cybersecurity. People suddenly became more vulnerable to phishing campaigns and other scams. We are here for you, and you will always be able to count on Jerbaco during these times. But, first, I would like to take a moment to reflect on the things that are infecting our systems today.

What is a vulnerability?

Vulnerabilities are weaknesses or security flaws in a piece of software, a system or a network that allow hackers to gain access to your environment. Here is a practical example.

Suppose you are at your company or at home, getting everything ready to go on holiday. You want to leave the house clean and decide to open the windows for fresh air. Unfortunately, you have a busy schedule and must hurry, so you forget to close one window before leaving. As a result, the window is a potential way in for a thief (hacker).

With software, the same applies: a developer has programmed something without checking or testing the code, either for lack of time or because it did not get enough attention. Thus a vulnerability (open window) is unintentionally created.

What is an exploit?

An exploit, on the other hand, is a program, script, or piece of code written by a hacker to take advantage of a vulnerability found in a system, in order to gain unauthorized access and possibly cause damage or steal information.

Let’s go back to our open window. Suppose you left this window open on the top floor. The intruder (hacker) can then climb a ladder to the window and enter your house (without permission = unauthorized access). The ladder (exploit) is, in this case, the program that makes it possible to use the vulnerability (open window) and abuse it to steal information.

Conclusion & next steps?

Several conclusions follow from this analogy:

  1. Free up a budget for security; don’t leave it behind.
  2. Check and test the software before it goes to production systems.
  3. Use tools that discover these vulnerabilities.
  4. Search for a security posture management system/tool.

Need help? We are happy to assist you with advice, so request a free first consultation soon.
