DDoSPedia is a glossary of network and application security terms whose definitions are scattered across the web. It provides a central place for hard-to-find definitions on this topic.
A vulnerability (in computer security) is any weakness in a computer system, network, software, or device that allows an attacker to circumvent security measures and perform actions its developers or manufacturers did not intend. Vulnerabilities range from minor to critical; the most serious allow privilege escalation (gaining unauthorized administrator or root privileges) or arbitrary code execution (running attacker-supplied code, such as unsigned third-party software, on the target).
New vulnerabilities are often discovered by fuzzing: deliberately feeding a program malformed, random, or out-of-range input and watching for crashes, hangs, or other misbehaviour. When a crash can be reproduced and analyzed, it may reveal a vulnerability that had not been documented before. A crash is evidence of a bug, not proof of an exploitable vulnerability; the crash has to be triaged to tell the two apart.

Vulnerabilities that are unknown to the vendor, and for which no patch yet exists, are known as "zero-day" vulnerabilities. They are highly sought after by attackers and by developers and manufacturers alike. Because no fix is available, an exploit for a zero-day works against even fully patched systems that contain the vulnerability, although exploit reliability and platform mitigations still determine whether a particular attempt succeeds. Zero-day exploits are traded both on the black market and through legitimate brokers acting as middlemen between buyer and seller, for anywhere from $5,000 to $250,000 depending on the impact of the exploit and the system it targets. Where a PDF exploit might fetch only a few thousand dollars, a severe exploit against the latest version of Apple's mobile operating system, iOS, might fetch $100,000 or more.
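The fuzzing process described above, as an added example that is not code from DDoSPedia or any real fuzzer: a small mutation-based fuzzer in Python. The target is a toy record parser for a format assumed here for illustration (a one-byte field count, then one-byte length plus payload per field), the seed inputs are constructed, and the "crash" is any exception other than the parser's documented ValueError. A hardened version of the same parser is fuzzed alongside it to show what a clean run looks like.

```python
"""Minimal mutation fuzzer: mutate seed inputs, run the target, and bucket
unexpected exceptions ("crashes") by type and location."""
import random
import traceback

# Constructed sample inputs for the toy format (not from the original page).
# Format: [count:1 byte] then, count times, [length:1 byte][payload:length bytes].
SEEDS = [
    b"\x02\x03abc\x02hi",  # two fields: b"abc" and b"hi"
    b"\x01\x00",           # one empty field
    b"\x00",               # zero fields
]

def parse_record(data: bytes) -> list:
    """Deliberately fragile parser (the 'before' case).
    It trusts the declared field count and lengths, so a truncated input or an
    oversized count makes data[pos] run off the end and raise IndexError."""
    if len(data) < 1:
        raise ValueError("empty input")  # the one documented rejection
    count, pos, fields = data[0], 1, []
    for _ in range(count):
        length = data[pos]                     # IndexError if input is truncated here
        pos += 1
        fields.append(data[pos:pos + length])  # slicing silently truncates instead
        pos += length
    return fields

def parse_record_hardened(data: bytes) -> list:
    """Same format with explicit bounds checks: every malformed input is
    rejected with ValueError instead of an uncontrolled exception."""
    if len(data) < 1:
        raise ValueError("empty input")
    count, pos, fields = data[0], 1, []
    for _ in range(count):
        if pos >= len(data):
            raise ValueError("truncated: missing length byte")
        length = data[pos]
        pos += 1
        if pos + length > len(data):
            raise ValueError("truncated: payload shorter than declared length")
        fields.append(data[pos:pos + length])
        pos += length
    if pos != len(data):
        raise ValueError("trailing bytes after last field")
    return fields

def mutate(seed: bytes, rng: random.Random) -> bytes:
    """Apply one to three random byte-level mutations to a seed input."""
    data = bytearray(seed)
    for _ in range(rng.randint(1, 3)):
        if not data:
            data.append(rng.randrange(256))
            continue
        i = rng.randrange(len(data))
        op = rng.choice(("flip", "insert", "delete", "truncate", "boundary"))
        if op == "flip":
            data[i] ^= 1 << rng.randrange(8)
        elif op == "insert":
            data.insert(i, rng.randrange(256))
        elif op == "delete":
            del data[i]
        elif op == "truncate":
            del data[i:]
        else:  # boundary values that commonly trip length/count handling
            data[i] = rng.choice((0x00, 0x01, 0x7F, 0x80, 0xFF))
    return bytes(data)

def crash_key(exc: BaseException) -> tuple:
    """Bucket a crash by exception type and the innermost frame that raised it,
    so thousands of crashing inputs collapse into a handful of distinct bugs."""
    frame = traceback.extract_tb(exc.__traceback__)[-1]
    return (type(exc).__name__, frame.name, frame.lineno)

def fuzz(target, seeds, iterations=2000, seed=1) -> dict:
    """Return {crash_key: first input that triggered it}. ValueError is the
    parser's documented way of rejecting bad input, so it does not count."""
    rng = random.Random(seed)  # fixed seed keeps the run reproducible
    crashes = {}
    for _ in range(iterations):
        data = mutate(rng.choice(seeds), rng)
        try:
            target(data)
        except ValueError:
            continue
        except Exception as exc:  # anything else is an unexpected crash
            crashes.setdefault(crash_key(exc), data)
    return crashes

if __name__ == "__main__":
    for fn in (parse_record, parse_record_hardened):
        found = fuzz(fn, SEEDS)
        print(f"{fn.__name__}: {len(found)} distinct crash(es)")
        for key, data in found.items():
            print("  ", key, data.hex())
```

Running it reports one distinct crash bucket (an IndexError inside parse_record) for the fragile parser and none for the hardened one; the stored input for each bucket is the reproducer that the analysis step starts from. Production fuzzers such as AFL++ and libFuzzer work the same way in outline but add coverage feedback to steer mutations toward new code paths and run the target under sanitizers so that memory errors surface as crashes rather than silent corruption.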