Find-out Vulnerable Website with Vulnerable Site Finder Tool

Find-out Vulnerable Website with Vulnerable Site Finder Tool :-

What is Security Vulnerability ?

A security vulnerability is a weakness in a product that could allow an attacker to compromise the integrity, availability, or confidentiality of that product.

… a weakness in a product…

• Weakness: Security vulnerabilities involve inadvertent weaknesses; by-design weaknesses may sometimes occur in a product, but these aren’t security vulnerabilities.Examples: The choice to implement a 40-bit cipher in a product would not constitute a security vulnerability, even though the protection it provides would be inadequate for some purposes. In contrast, an implementation error that inadvertently caused a 256-bit cipher to discard half the bits in the key would be a security vulnerability.
• Product: Security vulnerabilities are a result of a problem in a product. Problems that result from adhering to imperfect but widely accepted standards are not security vulnerabilities.Examples: A browser that, when connecting to an FTP site, conducts the session in plaintext would not be considered to have a security vulnerability, since the FTP specification calls for plaintext sessions. However, if the browser conducted SSL sessions in plaintext, it would constitute a security vulnerability since the SSL specification calls for encrypted sessions.

… that could allow an attacker to compromise the integrity…

• Integrity: Integrity refers to the trustworthiness of a resource. An attacker that exploits a weakness in a product to modify it silently and without authorization is compromising the integrity of that product.Examples: A weakness that allows an administrator to change the permissions on any file on a system would not be a security vulnerability because an administrator already has this capability. In contrast, if a weakness allowed an unprivileged user to do the same thing, it would constitute a security vulnerability.

…availability…

• Availability: Availability refers to the possibility to access a resource. An attacker that exploits a weakness in a product, denying appropriate user access to it, is compromising the availability of that product.Examples: A weakness that enables an attacker to cause a server to fail would constitute a security vulnerability, since the attacker would be able to regulate whether the server provided service or not. However, the fact that an attacker could send a huge number of legitimate requests to a server and monopolize its resources would not constitute a security vulnerability, as long as the server operator still could control the computer.

…confidentiality…

• confidentiality: Confidentiality refers to limiting access to information on a resource to authorized people. An attacker that exploits a weakness in a product to access non-public information is compromising the confidentiality of that product.Examples: A weakness in a web site that enables a visitor to read a file that should not be read would constitute a security vulnerability. However, a weakness that revealed the physical location of a file would not constitute a vulnerability — although such a weakness could be useful for reconnaissance purposes, and could be used in conjunction with a bona fide vulnerability to compromise files, it would not by itself enable an attacker to compromise data, and thus it would not constitute a security vulnerability. (It’s worth noting, however, that Microsoft, on occasion, has chosen to develop patches in such cases anyway).