If you have any questions that do not appear below about our web application security services, please write to us at info@gamasec.com.
Q: WHAT'S THE DIFFERENCE BETWEEN A VULNERABILITY AND AN EXPLOIT?
A: If a security risk is recognized as a possible means of attack, it is classified as a vulnerability. If a security risk has one (or more) known instances of fully implemented attacks, it is classified as an exploit.
Q: WHAT CAUSES VULNERABILITIES?
A: Vulnerabilities may result from software bugs, weak passwords, a computer virus, malware, an SQL injection, or a script code injection.
Q: HOW CAN I PROTECT MY SYSTEM FROM VULNERABILITIES?
A: The way to reduce the chance of vulnerabilities being used against your system is to be vigilant.
This includes:
- employing careful system maintenance, such as applying software patches
- both during development and throughout the deployment lifecycle
- best practices in deployment, such as using firewalls and access controls
Q: HOW ARE EXPLOITS CATEGORIZED?
A: Exploits are generally named and categorized by the following criteria:
- The result of running the exploit (EoP, DoS, Spoofing, etc.)
- The type of vulnerability they exploit
- If they must be run on the same machine as the program that has the vulnerability (local)
- If they can be run on one machine to attack a program running on another machine (remote)
Q: WHAT IS SOCIAL ENGINEERING?
A: Social engineering is a form of manipulation in which people are tricked into divulging confidential information or performing a harmful action. This con enables criminals to gain access to computer systems and/or gather confidential information. Two common social engineering threats to website security are phishing and baiting.
Q: WHAT IS EAVESDROPPING?
A: The act of covertly listening to a private conversation. This may occur over telephone lines (via wiretapping), instant messaging, email and other methods of communication considered private.
Q: WHAT IS AN INDIRECT ATTACK?
A: An attack launched by a third-party computer.
Q: WHAT IS A DIRECT ACCESS ATTACK?
A: When someone gains access to your computer and has the ability to install devices to compromise security. The only way to defeat this is to encrypt storage media and store your code key separately from the system.
Q: WHAT IS A BACKDOOR ATTACK?
A: A method of bypassing, undetected, the standard authentication, or secure remote access, in order to access a computer. The backdoor may take the form of an installed program, a modification to an existing program, or a hardware device.
Q: WHAT IS A DENIAL OF SERVICE ATTACK?
A: This method of attack is designed to render a system unusable, denying service to individual victims. For example, an attacker can overload the system capabilities, thus blocking all users immediately.