Security+ SY0-601: 1.6: Vulnerabilities

This entry is part 10 of 47 in the series [ Security+ SY0-601 ]

Chapter 6: Vulnerabilities

Common Vulnerabilities and Exposures

CMITRE: One of the Big Daddies to Know:


Cloud-Based vs. On-Premises

Weak Configurations

Consider the case of web servers, which have many, many configuration settings often scattered through many config files. One critical piece of configuration is SSL/TLS negotiation. Your site must use TLS 1.2 or later (if TLS 1.3 is more widely deployed by the time you read this). Anything less opens your site to a POODLE attack (Google this, I’m serious).

Here’s a link to a sweet Docker container that runs a POODLE-type attack against web servers you are well permissioned to test. Read the text of this page:

Open Perms

Unsecure root accounts

Error handling and messages

Weak encryption

Unsecure protocols

Default settings

Open ports and services

Third-Party Risks

Vendor management

System integration

Vendor support or lack thereof



Supply chain

Outsourced code development

Data storage

Patch Management

Firmware – yes, patch this too



Legacy Platforms


Data loss

Data breach

Data exfiltration

Identity theft



Availability loss

Want to practice exploiting vulnerabilities?

And know how to use virtual machines?