Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
Exploit (computer security)
(section)
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
{{Short description|Method of attack on computer systems}} An '''exploit''' is a method or piece of code that takes advantage of [[Vulnerability (computer security)|vulnerabilities]] in [[software]], [[Application software|applications]], [[Computer network|networks]], [[operating systems]], or [[Computer hardware|hardware]], typically for malicious purposes. The term "exploit" derives from the English verb "to exploit," meaning "to use something to oneβs own advantage." Exploits are designed to identify flaws, bypass security measures, gain unauthorized access to systems, take control of systems, install [[malware]], or [[data breach|steal sensitive data]]. While an exploit by itself may not be a [[malware]], it serves as a vehicle for delivering malicious software by breaching [[security controls]].<ref name=avast-202-09-29> {{cite web | last = Latto | first = Nica | title = Exploits: What You Need to Know | website = Exploits: What You Need to Know | date = 2020-09-29 | url = https://www.avast.com/c-exploits | access-date = 2024-08-12 | archiveurl = https://web.archive.org/web/20240515153218/https://www.avast.com/c-exploits | archivedate = 2024-05-15 | url-status = live | quote = An exploit is any attack that takes advantage of vulnerabilities in applications, networks, operating systems, or hardware. Exploits usually take the form of software or code that aims to take control of computers or steal network data. }}</ref><ref name=Cisco-2023-10-06> {{cite web | title = What Is an Exploit? | website = Cisco | date = 2023-10-06 | url = https://www.cisco.com/c/en/us/products/security/advanced-malware-protection/what-is-exploit.html | access-date = 2024-08-12 | archiveurl = https://web.archive.org/web/20240531021442/https://www.cisco.com/c/en/us/products/security/advanced-malware-protection/what-is-exploit.html | archivedate = 2024-05-31 | url-status = live | quote = An exploit is a program, or piece of code, designed to find and take advantage of a security flaw or vulnerability in an application or computer system, typically for malicious purposes such as installing malware. An exploit is not malware itself, but rather it is a method used by cybercriminals to deliver malware.}}</ref><ref name=Cybersecurity-2019> {{cite book | last1 = Gonzalez | first1 = Joaquin Jay III | last2 = Kemp | first2 = Roger L. | title = Cybersecurity: Current Writings on Threats and Protection | publisher = McFarland & Company | publication-place = Jefferson, North Carolina | date = 2019-01-25 | isbn = 978-1-4766-3541-5 | page = 241 | url = https://books.google.com/books?id=yyqFDwAAQBAJ&dq=%22A+technique+to+breach+the+security+of+a+network+or+information+system+in+violation+of+security+policy%22&pg=PA241 | quote = A technique to breach the security of a network or information system in violation of security policy.}}</ref><ref name=OWASP> {{cite web | title = OWASP Secure Coding Practices | website = OWASP Foundation | url = https://owasp.org/www-project-secure-coding-practices-quick-reference-guide/stable-en/03-appendices/05-glossary | access-date = 2024-08-12 | archiveurl = https://web.archive.org/web/20240106035619/https://owasp.org/www-project-secure-coding-practices-quick-reference-guide/stable-en/03-appendices/05-glossary | archivedate = 2024-01-06 | url-status = live | quote = To take advantage of a vulnerability. Typically this is an intentional action designed to compromise the software's security controls by leveraging a vulnerability.}}</ref> Researchers estimate that malicious exploits cost the [[global economy]] over US$450 billion annually. In response to this threat, organizations are increasingly utilizing [[cyber threat intelligence]] to identify vulnerabilities and prevent hacks before they occur.<ref>{{Cite journal |last1=Indiana University, Bloomington |last2=Samtani |first2=Sagar |last3=Chai |first3=Yidong |last4=Hefei University of Technology |last5=Chen |first5=Hsinchun |last6=University of Arizona |date=2022-05-24 |title=Linking Exploits from the Dark Web to Known Vulnerabilities for Proactive Cyber Threat Intelligence: An Attention-Based Deep Structured Semantic Model |url=https://misq.umn.edu/linking-exploits-from-the-dark-web-to-known-vulnerabilities-for-proactive-cyber-threat-intelligence-an-attention-based-deep-structured-semantic-model.html |journal=MIS Quarterly |volume=46 |issue=2 |pages=911β946 |doi=10.25300/MISQ/2022/15392|url-access=subscription }}</ref>
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)