
Understanding Vulnerabilities and Exploits

Cyber Security Mastery: From Zero to Hero

Deepening the Technical Definitions

Recall the difference between a vulnerability and an exploit:

  • Vulnerability: A flaw in the design, implementation, or configuration of software (e.g., buffer overflow, default password, missing patch).
  • Exploit: Code written to target a specific vulnerability.

Common Vulnerability Categories

  1. Injection Flaws (SQLi, Command Injection): Untrusted user input is executed as code/commands.
  2. Broken Authentication/Access Control: Flaws allowing unauthorized users to gain access or elevate privileges.
  3. Memory Corruption (Buffer Overflows): Writing past the bounds of a memory buffer, which can overwrite adjacent memory and redirect program execution flow.
  4. Missing Security Configurations: Leaving default settings that are insecure (e.g., SNMP community string 'public').
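
A defender's check for item 4, as an added example that is not part of the original course material: it scans net-snmp `snmpd.conf` text for default community strings. The function name, the sample configuration, and the inclusion of 'private' alongside the page's 'public' are assumptions made for illustration.

```python
import shlex

# 'public' is the page's example; 'private' is its common read-write
# counterpart and is included here as an assumption.
DEFAULT_COMMUNITIES = {"public", "private"}

# net-snmp directives that take the community string as their first argument.
COMMUNITY_FIRST = {"rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6"}
# com2sec [-Cn CONTEXT] SECNAME SOURCE COMMUNITY: community is the last argument.
COMMUNITY_LAST = {"com2sec", "com2sec6"}

# Constructed sample configuration, not taken from any real host.
SAMPLE_CONF = """\
# constructed sample snmpd.conf
syslocation Server Room
rocommunity public 10.0.0.0/8
rwcommunity private 127.0.0.1
rocommunity "k7-Rd2-constructed" 10.0.0.5
com2sec readonly default public
# rocommunity public   (commented out, ignored)
"""


def find_default_communities(conf_text):
    """Return (line_number, directive, community) for each default string in use."""
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), start=1):
        try:
            # comments=True drops everything after an unquoted '#'.
            tokens = shlex.split(raw, comments=True)
        except ValueError:
            continue  # unbalanced quotes: not parseable, skipped here
        if len(tokens) < 2:
            continue  # blank line, comment, or directive without arguments
        directive, args = tokens[0], tokens[1:]
        if directive in COMMUNITY_FIRST:
            community = args[0]
        elif directive in COMMUNITY_LAST and len(args) >= 3:
            community = args[-1]
        else:
            continue
        # Compared case-insensitively on purpose: 'Public' is as guessable as 'public'.
        if community.lower() in DEFAULT_COMMUNITIES:
            findings.append((lineno, directive, community))
    return findings


if __name__ == "__main__":
    for lineno, directive, community in find_default_communities(SAMPLE_CONF):
        print(f"line {lineno}: {directive} uses default community '{community}'")
```

Each finding is a configuration vulnerability in the sense defined above: the fix is to replace the community string with a unique value and restrict the allowed source addresses.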

Ethical hackers must first find the vulnerability and then locate or develop the corresponding exploit code.