
The Vulnerability Life Cycle


A vulnerability is simply a weakness in a system or application that can be exploited to gain unauthorized access to resources and data. Typical examples of vulnerabilities include:

- The ability to access a server’s physical environment
- Improper input validation in a Web form, which allows an attacker to inject code into an application
- Misconfigurations that provide an unauthorized user with more privileges than a system designer intended
- Buffer overflows in which an application overruns a memory buffer and overwrites adjacent memory

What is the Vulnerability Life Cycle?

This model is a helpful framework for understanding how vulnerabilities in systems and applications become points of entry for attackers, when your risks are greatest, and how to defend yourself appropriately.


The Vulnerability Life Cycle provides a view over time of a vulnerability’s origin and correction and the relative risk during each stage of the cycle.

The life cycle has the following stages:

1. The creation of the vulnerability. This is when the vulnerability is created during the implementation of the vulnerable product.

2. The discovery of a vulnerability. The vulnerability in the product is found. Several people could discover the vulnerability at different times. Little is ever publicly known about this step.

3. The discovered vulnerability is disclosed. The disclosure could come from a variety of sources, in a variety of ways. It could be announced by the vendor or an independent researcher, or secreted away in a product’s Change Log.

4. The vulnerability is corrected. This is usually done by the vendor releasing a patch or workaround. This should lead to an overall reduction in successful intrusions.

5. The vulnerability is publicized. This can happen in a variety of ways, for example through news reporting, a published advisory, or worm activity, but the end effect is that many people know about the vulnerability.

6. The exploit is scripted. This can mean that workable exploit code is released, or that instructions on how to produce it are released. In either case, the result is that the number of attackers greatly increases, because those with less skill (script kiddies) can now perform the attack.

7. The vulnerability becomes passé (outdated). Attackers lose interest in exploiting this vulnerability. This is not guaranteed to happen with every vulnerability, and some vulnerabilities (and exploits) are shown to have cyclical popularity.

8. The vulnerability dies. This happens when the number of possible targets vulnerable to exploitation drops to an insignificant level.
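
The stages above can be tracked per vulnerability as dated events. The following is an added example, not part of the original document: it reports the furthest stage a vulnerability has reached on a given day and counts the days during which an exploit was scripted but no correction had been released. The identifiers, dates and function names are assumptions made up for illustration.

```python
from datetime import date

# Stage names follow the eight stages listed above, in the order listed.
STAGES = ["created", "discovered", "disclosed", "corrected",
          "publicized", "scripted", "passe", "dead"]

def stage_on(events, day):
    """Furthest stage (in list order) whose event date is on or before `day`."""
    unknown = set(events) - set(STAGES)
    if unknown:
        raise ValueError(f"unknown stage(s): {sorted(unknown)}")
    reached = [s for s in STAGES if s in events and events[s] <= day]
    return reached[-1] if reached else None

def scripted_uncorrected_days(events, day):
    """Days up to `day` with an exploit scripted but no correction released."""
    scripted = events.get("scripted")
    if scripted is None or scripted > day:
        return 0
    corrected = events.get("corrected")
    end = min(corrected, day) if corrected is not None else day
    return max((end - scripted).days, 0)  # 0 when the correction came first

# Constructed sample records; identifiers and dates are illustrative only.
SAMPLE = {
    "VULN-A": {"created": date(2020, 1, 10), "discovered": date(2021, 3, 1),
               "disclosed": date(2021, 3, 20), "corrected": date(2021, 4, 2),
               "publicized": date(2021, 4, 5), "scripted": date(2021, 4, 20)},
    "VULN-B": {"created": date(2019, 6, 1), "discovered": date(2021, 2, 1),
               "disclosed": date(2021, 2, 3), "scripted": date(2021, 2, 10),
               "corrected": date(2021, 3, 12)},
}

def report(records, day):
    """Map each identifier to (stage reached, scripted-but-uncorrected days)."""
    return {vid: (stage_on(ev, day), scripted_uncorrected_days(ev, day))
            for vid, ev in records.items()}

if __name__ == "__main__":
    for vid, (stage, days) in report(SAMPLE, date(2021, 5, 1)).items():
        print(f"{vid}: stage={stage}, scripted-but-uncorrected days={days}")
```

Stages are not guaranteed to occur in the listed order, which is why the second record, where scripting precedes correction, produces a non-zero count.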