Abstract
The issue of exploiting the software vulnerabilities is considered in the article. Particular attention has been paid to the two aspects of the practical usage of exploits, as an attack tool and as a means of testing protected information systems. It is emphasized that most often exploits are divided by the type of security vulnerability exploited. Analysis of the known incidents related to the use of exploits, al-lows us to assert the existence of a relationship between the degree of popularity of a software product or device, and the probability of the exploits being created. Attention is drawn to the fact that N-day exploits constitute a significant part of existing security threats for vulnerable devices (systems). The main reason for this situation is untimely updating of the used software and ignoring updates of security patches. The extreme importance of the timely release of security patches as an effective means of preventing the usage of identified software vulnerabilities is emphasized. Releasing security patches is a basic element of possible defensive reactions when dealing with such issues. Attention is drawn to the fact that, according to the results of the analysis of known cases of illegal use of exploits (the last 3 years), they, in their vast majority, are aimed at 3 attack vectors: - denial of service; - illegitimate widening the current powers of managemention; - remote execution of malicious code.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
