Vulnerability Research: Understanding the Basics

In the world of cybersecurity, vulnerability research plays a crucial role in identifying and mitigating weaknesses in systems and applications. A vulnerability is defined as a weakness or flaw in the design or behavior of a system or application, which can be exploited by an attacker to gain unauthorized access. There are five categories of vulnerabilities: operating system, (mis)configuration-based, weak or default credentials, application logic, and human-factor.

Understanding the impact of a vulnerability is essential, as it helps determine its severity and potential consequences. The Common Vulnerability Scoring System (CVSS) and Vulnerability Priority Rating (VPR) are two popular frameworks used to score vulnerabilities based on their severity.

To identify and exploit vulnerabilities, researchers use various tools and techniques, including proof-of-concept (PoC) code, manual exploits, and automated vulnerability scanners. Some of the most common types of vulnerabilities include broken access control, insecure deserialization, and injection attacks.

Source: https://dev.to/sane08/vulnerability-research-57ej