Attacks are attempts to do something malicious to a website or program, either by exploiting vulnerabilities or by searching for them. These are intentional actions by users to compromise systems, steal data, or disrupt operations.
🟡 Vulnerabilities
Vulnerabilities are parts of a website or program that someone can exploit to carry out an attack. They are weaknesses in areas such as system design, implementation, or configuration.
🟠 Threats
Threats are issues in a program's or website's code that put the integrity of the program or site at risk. They represent potential dangers that could intentionally or unintentionally exploit vulnerabilities.
Real-World Examples
Attack Example: A hacker using SQL injection to access a database
Vulnerability Example: Unpatched software with known security flaws
Threat Example: Outdated encryption protocols that could be broken
Test Your Knowledge
1. What is the main difference between a threat and an attack?
A threat is potential danger, while an attack is an active attempt to cause harm
A threat is more dangerous than an attack
There is no difference between threats and attacks
Attacks only happen to websites, threats happen to programs
2. Which of the following best describes a vulnerability?
A malicious attempt to harm a system
A weakness or flaw that can be exploited
A type of malware
A security policy
3. An attacker discovers an unpatched security flaw in a web application and uses it to steal data. What is the security flaw called?
An attack
A vulnerability
A threat
A breach
4. Which scenario represents a threat but not yet an attack?
A hacker actively trying to break into a system
Malware that has infected a computer
Outdated software that could potentially be exploited
A successful data breach
5. What is the relationship between threats, vulnerabilities, and attacks?
They are completely unrelated concepts
Threats exploit vulnerabilities to launch attacks
Attacks create vulnerabilities that become threats
Vulnerabilities are always more dangerous than threats
6. A hacker has found that a company's firewall has a configuration error that allows unauthorized access. They used their findings to gain access and download crucial company files. This is an example of: