Answer the question
In order to leave comments, you need to log in
G
G
Gudsaf2017-11-17 10:27:51
Gudsaf, 2017-11-17 10:27:51
What is an attack vector in information security?
That's what many say - the attack vector.
Is there somewhere a definition of what is an "attack vector" or some understanding of what it is?
So that all attack vectors can be taken and structured.
For now, the most appropriate answer is:
" An attack vector is a path or means by which a hacker (or cracker) can gain access to a computer or network server in order to deliver a payload or malicious outcome." which means: " Attack vector is a path or means by which a hacker (or cracker) can gain access to a computer or network server to deliver a payload or a malicious result. "
There is only one thing I disagree about: a vector is a means - somehow not clear.
1 answer(s)
@Freika
E
Eugene Burmakin, 2017-11-19 @Freika
Well, you found everything correctly, you just translated it incorrectly. It is not a means, but an opportunity. For example, a site URL with get parameters in it is an attack vector, because using this URL you can check the site for vulnerabilities to open redirects, to xss, to SQLi, and a bunch of other things, of your choice. Any form is an attack vector. Any 3rd-party service used by a site is also an attack vector, because it can contain vulnerabilities that can be used to detect and exploit vulnerabilities already on the target site.
Similar questions
C
P
S
S
E
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question