Web application security - the fast guide 1.1 | Page 47
Chapter 3 - Vulnerabilities and threat models
3.1 Vulnerabilities, threats and attack
[Figure 18 diagram labels: Vulnerability + Threat; Analysis & regular update and patch; Detection and prevention techniques; Successful attack; Safe system; Response and mitigation plan]
Figure 18: vulnerabilities, threats, attackers and response
Asset: the most valuable parts of the system in terms of the benefit they
provide. Assets can range from something as simple as a set of data that should
not be compromised to something less tangible, such as company reputation.
Threat: a potential harm that can affect your assets.
Vulnerability: a weak point in the system that might be exploited by an
attacker to compromise your assets.
Attack: the action of exploiting a vulnerability in order to compromise
assets and realize the related threat.
Asset compromise is directly related to the mutual existence of the vulnerability
and the threat.
Asset protection can be achieved by breaking this equation, either by focusing on
detecting and preventing threats using detection and prevention techniques,
or by eliminating vulnerabilities through thoughtful analysis and patching all
detected vulnerabilities.
After all, whatever precautions are taken to protect the system, a post-attack
response and mitigation plan and resources are essential.