What is a Vulnerability?
Turkish: Güvenlik Açığı
A vulnerability is a weakness in software or infrastructure that can enable unauthorized access, data leakage, or outage.
What is a Vulnerability?
A vulnerability is a technical or procedural weakness that lets a system be used in a way its owners did not intend. The flaw may exist in application code, a dependency, server configuration, authentication flow, or operational process.
How It Is Classified
Vulnerabilities are often tracked with CVE identifiers and prioritized by impact through scoring systems such as CVSS. Common impact types include privilege escalation, remote code execution, data exposure, authentication bypass, and denial of service.
OWASP makes common web application risk categories easier to understand. Penetration testing helps validate weaknesses from an attacker’s perspective, but a one-time test does not replace continuous patching and monitoring.
Risk and Protection
For a business, a vulnerability can lead to customer data exposure, operational downtime, ransomware entry points, regulatory penalties, and reputational damage. Vulnerability management should therefore include asset inventory, prioritization, patch tracking, and verification.
Protection combines dependency scanning, secure code review, regular updates, least-privilege access, log monitoring, and an incident response plan. The highest-risk issues are flaws on internet-exposed systems for which exploit code is already public; these should be fixed first rather than left in a generic backlog.
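The prioritization rule above (treat flaws on internet-exposed systems with public exploit code as the top tier, then fall back to CVSS severity) can be written down as a small triage routine. The following is an added example, not code from the page or from any scanner; the findings, asset names and CVE-style identifiers are constructed placeholders, and the four-tier scheme is an assumption chosen to illustrate the rule, not an industry standard. The CVSS qualitative bands (none, low, medium, high, critical) follow the CVSS v3 rating scale.

```python
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Finding:
    """One vulnerability finding from inventory plus scanner output (constructed)."""
    asset: str
    cve: str                # placeholder identifier, not a real CVE
    cvss: float             # CVSS base score, 0.0 to 10.0
    internet_exposed: bool  # reachable from the internet per asset inventory
    exploit_public: bool    # working exploit code is publicly available
    patch_available: bool   # vendor fix exists (drives "patch tracking")


def severity_band(cvss: float) -> str:
    """Map a CVSS base score to its qualitative severity band (CVSS v3 scale)."""
    if not 0.0 <= cvss <= 10.0:
        raise ValueError(f"CVSS score out of range: {cvss}")
    if cvss == 0.0:
        return "none"
    if cvss < 4.0:
        return "low"
    if cvss < 7.0:
        return "medium"
    if cvss < 9.0:
        return "high"
    return "critical"


def triage_priority(f: Finding) -> Tuple[int, str]:
    """Return (tier, reason). Tier 0 is 'act now'; higher tiers can wait longer.

    Assumed tiering, illustrating the page's rule:
      0: internet-exposed and a public exploit exists (never a generic backlog item)
      1: critical severity, or high severity with a public exploit
      2: high severity, or medium severity that is exposed or has a public exploit
      3: everything else
    """
    band = severity_band(f.cvss)
    if f.internet_exposed and f.exploit_public:
        return 0, "internet-exposed with public exploit code"
    if band == "critical" or (band == "high" and f.exploit_public):
        return 1, f"{band} severity" + (" with public exploit" if f.exploit_public else "")
    if band == "high" or (band == "medium" and (f.internet_exposed or f.exploit_public)):
        return 2, f"{band} severity with elevated exposure"
    return 3, f"{band} severity, routine patch cycle"


def rank_findings(findings: List[Finding]) -> List[Finding]:
    """Order findings: lowest tier first, then higher CVSS first, then asset name."""
    return sorted(findings, key=lambda f: (triage_priority(f)[0], -f.cvss, f.asset))


def unpatchable_top_tier(findings: List[Finding]) -> List[Finding]:
    """Tier-0 findings with no vendor fix: candidates for compensating controls."""
    return [f for f in findings if triage_priority(f)[0] == 0 and not f.patch_available]


# Constructed sample inventory; identifiers are placeholders, not real CVEs.
SAMPLE_FINDINGS = [
    Finding("web-01", "CVE-PLACEHOLDER-A", 7.5, True, True, True),
    Finding("build-02", "CVE-PLACEHOLDER-B", 9.8, False, False, True),
    Finding("intranet-03", "CVE-PLACEHOLDER-C", 6.5, False, True, True),
    Finding("laptop-04", "CVE-PLACEHOLDER-D", 3.1, False, False, True),
    Finding("db-05", "CVE-PLACEHOLDER-E", 8.1, False, False, False),
]

if __name__ == "__main__":
    for f in rank_findings(SAMPLE_FINDINGS):
        tier, reason = triage_priority(f)
        print(f"tier {tier}  {f.asset:12} {f.cve:18} cvss={f.cvss:<4} {reason}")
```

Running the block prints the sample findings in remediation order: the internet-exposed asset with a public exploit comes first even though its CVSS score is lower than the critical-rated build server. The `unpatchable_top_tier` helper separates the cases where no fix exists yet, which is where mitigation (network restriction, monitoring) rather than patching has to carry the risk.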
Related Terms
CVE
CVE assigns unique identifiers to publicly disclosed security flaws so teams can track exposure and prioritize remediation.
OWASP (Open Web Application Security Project)
OWASP is a nonprofit security organization that publishes resources like the OWASP Top 10 to improve web application security.
Penetration Testing
Penetration testing is an authorized security assessment that uses controlled attacks to find vulnerabilities in applications, networks, or infrastructure.
Supply Chain Attack
A supply chain attack compromises a dependency, tool, build step, or vendor account to reach a target system indirectly.