1
00:00:00,090 --> 00:00:01,020
Welcome back, everyone.

2
00:00:01,050 --> 00:00:09,330
This is Rodney, and this is the section about vulnerability. You will be learning about what vulnerabilities are,

3
00:00:09,390 --> 00:00:12,960
and further in the section we will be taking a use case as well.

4
00:00:13,470 --> 00:00:14,370
Let's get started.

5
00:00:16,620 --> 00:00:18,360
It's basically a weakness.

6
00:00:18,360 --> 00:00:21,560
It's a weakness in either hardware or software.

7
00:00:21,900 --> 00:00:24,170
In case of software,

8
00:00:24,180 --> 00:00:25,980
we also name it as a bug.

9
00:00:26,430 --> 00:00:26,780
Right.

10
00:00:27,240 --> 00:00:28,950
We use it every now and then.

11
00:00:29,190 --> 00:00:33,810
So vulnerability is nothing but a bug, a weakness in the system as well.

12
00:00:34,290 --> 00:00:35,430
Now, understand this.

13
00:00:36,180 --> 00:00:38,340
This is made use of by an attacker.

14
00:00:38,870 --> 00:00:44,460
If your system, either software or hardware, has a bug or has a vulnerability,

15
00:00:44,820 --> 00:00:47,220
this can be exploited by an attacker.

16
00:00:47,250 --> 00:00:51,470
This can be used by an attacker to perform any malicious activity.

17
00:00:52,170 --> 00:00:56,010
And that's what attackers are always after.

18
00:00:56,850 --> 00:00:59,190
So understand this thing.

19
00:00:59,640 --> 00:01:04,300
It's not just the software and hardware that have weaknesses or vulnerabilities.

20
00:01:04,350 --> 00:01:07,720
Even humans have vulnerabilities as well.

21
00:01:08,010 --> 00:01:11,250
That's why you might have encountered that.

22
00:01:11,310 --> 00:01:16,860
If you even get compromised, it becomes easier to compromise the machine.

23
00:01:16,870 --> 00:01:17,250
Right.

24
00:01:17,820 --> 00:01:18,810
And that's what it is.

25
00:01:18,840 --> 00:01:22,500
So vulnerability is simply a weakness in the system.

26
00:01:23,100 --> 00:01:31,740
OK, and every vulnerability is assigned a unique number, and that's called CVE.

27
00:01:32,160 --> 00:01:39,690
And this is assigned by an organization, a community organization called MITRE, and listed on CVE

28
00:01:39,690 --> 00:01:40,730
Details dot com.

29
00:01:41,440 --> 00:01:42,480
Now understand this.

30
00:01:42,900 --> 00:01:44,870
Why do assign a one everybody.

31
00:01:44,910 --> 00:01:51,510
Because wherever the vulnerability could exist, technically the vulnerability could exist in the software

32
00:01:51,510 --> 00:01:52,290
or the hardware.

33
00:01:52,710 --> 00:01:58,620
So who should report, the software companies or the hardware company?

34
00:01:58,650 --> 00:01:58,900
Right.

35
00:01:58,930 --> 00:02:02,640
So for example, you might have routers.

36
00:02:02,790 --> 00:02:09,600
These are hardware, right? And then get router building or maybe Cisco routers, anything.

37
00:02:09,600 --> 00:02:09,870
Right.

38
00:02:10,350 --> 00:02:11,700
It occurs on all the stuff.

39
00:02:12,300 --> 00:02:21,440
On the software side, you have Microsoft Docs, Excel, Adobe PDF and many more.

40
00:02:21,450 --> 00:02:21,790
Right.

41
00:02:21,870 --> 00:02:23,820
Even the web applications as well.

42
00:02:25,080 --> 00:02:30,750
Now, if they have any sort of bugs they encountered themselves,

43
00:02:30,810 --> 00:02:38,490
they should report it to somebody, so that they should report it online so that they can announce:

44
00:02:38,520 --> 00:02:46,020
OK, yeah, we have found something and we are fixing it, right, before somebody can make use of it and

45
00:02:46,020 --> 00:02:47,220
compromise the network.

46
00:02:47,550 --> 00:02:55,650
It is a great practice by any organization to proactively do the security testing and try to find out

47
00:02:55,650 --> 00:02:57,470
a weakness in their own system.

48
00:02:57,900 --> 00:02:58,170
Right.

49
00:02:58,680 --> 00:03:04,440
So how it is defined, as I just told you, this is defined by MITRE.

50
00:03:04,470 --> 00:03:07,690
This is the organization part of this as well.

51
00:03:08,070 --> 00:03:14,550
So basically, as per the NIST, the definition is, of course, it's a weakness in the information system,

52
00:03:14,940 --> 00:03:19,350
and that's how they define the weakness in the information system,

53
00:03:19,830 --> 00:03:25,620
system security procedures, internal controls or implementation that could be exploited

54
00:03:25,650 --> 00:03:27,990
or triggered by a threat source.

55
00:03:28,650 --> 00:03:30,870
But that's a pretty long definition.

56
00:03:30,870 --> 00:03:33,320
But that's how the NIST defines it.

57
00:03:33,660 --> 00:03:38,160
Of course, different organizations have a different way of defining it.

58
00:03:38,190 --> 00:03:44,550
So then there are multiple definitions, given by ISACA as well.

59
00:03:44,910 --> 00:03:51,720
So if you want to go deep and get to the actual definition of it, you can go to their website and

60
00:03:51,720 --> 00:03:53,810
get the definition of vulnerability as well.

61
00:03:54,210 --> 00:03:58,530
Simply, you can search for their way of defining vulnerability.

62
00:03:59,250 --> 00:04:02,870
OK, so understand this way.

63
00:04:03,690 --> 00:04:11,610
Vulnerability is always defined based on CVE, and that is defined with a specific number

64
00:04:12,000 --> 00:04:14,250
which carries a year as well.

65
00:04:14,250 --> 00:04:15,180
And the number.

66
00:04:15,240 --> 00:04:22,560
OK, we'll talk about it in the further session, where I'll talk about how to get more in detail about finding

67
00:04:22,560 --> 00:04:23,800
out the specifics of it.

68
00:04:24,060 --> 00:04:25,690
This was just the introduction to it.

69
00:04:25,980 --> 00:04:26,490
Thank you.