04 August 2019

Information Security: Exploit (Definitions)

"A program that takes advantage of a known security weakness in a computer." (Andy Walker, "Absolute Beginner’s Guide To: Security, Spam, Spyware & Viruses", 2005)

"An exploit is a technique or software code (often in the form of scripts) that takes advantage of vulnerability or security weakness in a piece of target software." (Mark S Merkow & Lakshmikanth Raghavan, "Secure and Resilient Software Development", 2010)

"Used as a noun in this case, this refers to a known way to compromise a program to get it to do something the author didn’t intend. Your task is to write unexploitable programs." (Jon Orwant et al, "Programming Perl" 4th Ed., 2012)

"Either: an attack technique that can be directed at a particular computer system or software component and that takes advantage of a specific vulnerability, or the act of successfully implementing such an attack technique." (Mark Rhodes-Ousley, "Information Security: The Complete Reference, Second Edition" 2nd Ed., 2013)

"An exploit is a particular form of attack in which a tried and tested method of causing impact is followed with some rigour. Exploits are similar in nature to processes, but whereas processes are generally benign, exploits are almost always harmful." (David Sutton, "Information Risk Management: A practitioner’s guide", 2014)

"A method or program that takes advantage of a vulnerability in a target system to accomplish an attack." (O Sami Saydjari, "Engineering Trustworthy Systems: Get Cybersecurity Design Right the First Time", 2018)

"An attack on a computer system, especially one that takes advantage of a particular vulnerability the system offers to intruders." (William Stallings, "Effective Cybersecurity: A Guide to Using Best Practices and Standards", 2018)
