An attacker typically identifies a target's resources, looks for known vulnerabilities in those resources, and then exploits the vulnerabilities to achieve a goal. Vulnerabilities are weaknesses, misconfigurations, or loopholes in security that an attacker exploits to gain access to the network or to resources on the network.
Security vulnerabilities are not limited to the web, SQL databases, or operating systems. The same applies to any network infrastructure equipment.
Vulnerabilities fall into three main categories:
- Technology weaknesses
- Configuration weaknesses
- Security policy weaknesses