[Information Security] The relationship (difference) between vulnerabilities and exploits

Chan
1 min read · Oct 29, 2019

Vulnerability (weakness): a security flaw in a computer system.
Exploit: the act of using a weakness (vulnerability) in a system to gain control privileges.

Definitions:
A vulnerability is a flaw in a computer system that puts the confidentiality, integrity, availability, access control, and so on of the system itself or of its application data at risk.

A vulnerability is a flaw in a system, or in some software in a system, that could provide an attacker with a way to bypass the security infrastructure of the host operating system or of the software itself. It can also sneak in during an update or when the base of the software code is created. It isn’t an open door but rather a weakness which, if attacked, could provide a way in.

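Exploitation (exploits) means finding an attackable vulnerability in the target system and using it to obtain system control privileges, thereby gaining control of the target system.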

Exploiting is the act of trying to turn a vulnerability (a weakness) into an actual way to breach a system. A vulnerability can be ‘exploited’ to turn it into a viable method to attack a system.

To sum up the relationship between the two in one sentence:
Vulnerabilities are open doors that exploits could use to access a target system. Simply put, an exploit needs a vulnerability to succeed. This means that without vulnerabilities, there wouldn’t be exploits. Exploits depend on oversight, negligence, and some avoidable mistakes, such as unpatched servers and out-of-date software, to achieve their goals.
