You are viewing a free preview of this lesson.
Subscribe to unlock all 10 lessons in this course and every other course on LearningBro.
Vulnerability analysis is the process of identifying, classifying, and prioritising security weaknesses discovered during scanning. Rather than immediately exploiting every finding, skilled penetration testers analyse vulnerabilities to determine which ones pose the greatest risk and are most likely to succeed.
A vulnerability is a weakness in a system that can be exploited to compromise its confidentiality, integrity, or availability:
| Category | Examples |
|---|---|
| Software bugs | Buffer overflows, use-after-free, race conditions |
| Misconfigurations | Default credentials, open ports, excessive permissions |
| Design flaws | Weak authentication mechanisms, lack of encryption |
| Missing patches | Unpatched operating systems, libraries, or applications |
| Human factors | Weak passwords, susceptibility to phishing |
CVEs are standardised identifiers for publicly known vulnerabilities:
CVE-YYYY-NNNNN
│ │ │
│ │ └── Sequential number
│ └── Year of assignment
└── CVE prefix
CVE-2021-44228 — Log4Shell
- Affected: Apache Log4j 2.x
- Impact: Remote Code Execution
- CVSS Score: 10.0 (Critical)
Subscribe to continue reading
Get full access to this lesson and all 10 lessons in this course.