What is a Vulnerability?

Turkish: Güvenlik Açığı

A vulnerability is a weakness in software or infrastructure that can enable unauthorized access, data leakage, or outage.

What is a Vulnerability?

A vulnerability is a technical or procedural weakness that lets a system be used in a way its owners did not intend. The flaw may exist in application code, a dependency, server configuration, authentication flow, or operational process.

How It Is Classified

Vulnerabilities are often tracked with CVE identifiers and prioritized by impact through scoring systems such as CVSS. Common impact types include privilege escalation, remote code execution, data exposure, authentication bypass, and denial of service.

OWASP makes common web application risk categories easier to understand. Penetration testing helps validate weaknesses from an attacker’s perspective, but a one-time test does not replace continuous patching and monitoring.

Risk and Protection

For a business, a vulnerability can lead to customer data exposure, operational downtime, ransomware entry points, regulatory penalties, and reputational damage. Vulnerability management should therefore include asset inventory, prioritization, patch tracking, and verification.

Protection combines dependency scanning, secure code review, regular updates, least-privilege access, log monitoring, and an incident response plan. The highest-risk issues are those on internet-exposed systems with known exploit code; they should not wait in a generic backlog.
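The prioritization rule above can be applied to scanner output as in the following sketch, which is an added example and not code from this page. The field names, inventory, hostnames, and placeholder vulnerability IDs are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed asset inventory: hostname -> reachable from the internet?
INVENTORY = {"web-01": True, "db-01": False, "vpn-gw": True}

@dataclass(frozen=True)
class Finding:
    asset: str
    vuln_id: str            # placeholder IDs, not real CVE numbers
    cvss: Optional[float]   # base score 0.0-10.0, None if not yet scored
    known_exploit: bool     # public exploit code is known to exist
    patched: bool = False   # patch tracking: a fix was deployed
    verified: bool = False  # verification: a rescan confirmed the fix

def triage(findings, inventory):
    """Split findings into (expedite, backlog, unverified) lists."""
    seen, expedite, backlog, unverified = set(), [], [], []
    for f in findings:
        key = (f.asset, f.vuln_id)
        if key in seen:
            continue  # scanners often report the same issue more than once
        seen.add(key)
        if f.patched:
            if not f.verified:
                unverified.append(f)  # patched but never confirmed
            continue
        # Assumption: an asset missing from the inventory counts as exposed.
        exposed = inventory.get(f.asset, True)
        (expedite if exposed and f.known_exploit else backlog).append(f)
    # Assumption: unscored findings sort as worst case (10.0).
    score = lambda f: -(f.cvss if f.cvss is not None else 10.0)
    expedite.sort(key=score)
    backlog.sort(key=score)
    return expedite, backlog, unverified

# Constructed sample findings.
SAMPLE = [
    Finding("web-01", "CVE-XXXX-0001", 9.8, True),
    Finding("db-01", "CVE-XXXX-0001", 9.8, True),        # internal only
    Finding("web-01", "CVE-XXXX-0002", 5.3, False),
    Finding("vpn-gw", "CVE-XXXX-0003", None, True),      # not yet scored
    Finding("web-01", "CVE-XXXX-0001", 9.8, True),       # duplicate row
    Finding("shadow-host", "CVE-XXXX-0004", 7.5, True),  # not in inventory
    Finding("db-01", "CVE-XXXX-0005", 8.1, True, patched=True),
]

if __name__ == "__main__":
    for name, group in zip(("expedite", "backlog", "unverified"), triage(SAMPLE, INVENTORY)):
        print(name, [(f.asset, f.vuln_id) for f in group])
```

A high CVSS score alone does not move a finding into the expedite list here: the internal `db-01` finding scores 9.8 but stays in the backlog, while the lower-scored finding on an uninventoried host is expedited.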