What are vulnerabilities?

A vulnerability is a weakness in an application that allows a malicious person to perform some unpermitted action or gain access to information they shouldn’t otherwise be allowed to access. As you learn and test applications, keep in mind that vulnerabilities can result from attackers performing intended and unintended actions. For example, changing a record’s ID to access information you shouldn’t have access to is an unintended action.

Suppose a website allowed you to create a profile with your name, email, birthday, and address. It would keep your information private and share it only with your friends. But if the website allowed anyone to add you as a friend without your permission, this would be a vulnerability. Even though the site kept your information private from non-friends, by allowing anyone to add you as a friend, anyone could access your information. As you test a site, always consider how someone could abuse existing functionality.
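
The friend-adding flaw described above, sketched as an added example (not code from the original post). The `ProfileSite` class, its method names, and the sample users are hypothetical; the point is that the privacy check can be correct while the step that grants friendship is not.

```python
# Added example: names and data below are constructed for illustration.
class ProfileSite:
    def __init__(self):
        self.profiles = {}   # user -> private profile data
        self.friends = {}    # user -> set of users allowed to view the profile
        self.pending = {}    # user -> set of users who asked to be friends

    def register(self, user, **profile):
        self.profiles[user] = profile
        self.friends[user] = set()
        self.pending[user] = set()

    def view_profile(self, viewer, owner):
        # The privacy rule itself is correct: only the owner and friends may read.
        if viewer != owner and viewer not in self.friends[owner]:
            raise PermissionError(f"{viewer} is not a friend of {owner}")
        return self.profiles[owner]

    def add_friend_vulnerable(self, requester, target):
        # Flaw: the friendship is created without the target's consent,
        # so any user can make themselves a "friend" and pass view_profile().
        self.friends[target].add(requester)
        self.friends[requester].add(target)

    def request_friend(self, requester, target):
        # Fix, step 1: a request only records intent; it grants no access.
        self.pending[target].add(requester)

    def accept_friend(self, target, requester):
        # Fix, step 2: only the target can turn a pending request into access.
        if requester not in self.pending[target]:
            raise PermissionError("no pending request to accept")
        self.pending[target].discard(requester)
        self.friends[target].add(requester)
        self.friends[requester].add(target)


def can_view(site, viewer, owner):
    """Return True if viewer is currently allowed to read owner's profile."""
    try:
        site.view_profile(viewer, owner)
        return True
    except PermissionError:
        return False
```

When reviewing a feature like this, check every path that changes who counts as a friend, not only the check that reads the friend list.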