• FAQs
• Articles
• Tutorials
• Web Tools
• Reference
• Blog
• Proxy
• Software
• Cell Phones

• Vulnerability FAQs
• How can I find security vulnerabilities in my source code?
• What is an integer overflow?
• What is a race condition?
• What is a format string vulnerability?
• What is a random number vulnerability?
• What is an SQL Injection Attack / Vulnerability?
• Where can I find information about vulnerabilities?
• Main Menu
• » Networking
• » Physical Layer
• » Data Link Layer
• » Network Layer
• » Network Security
• » Wireless Networks
• » VoIP
• » Telephony
• » Mobile Telephony
• » Electronics
• » Radio
• » Television
• » Cryptology
• » Passwords
• » Smart Cards
• » Privacy
• » Malware
• » Vulnerabilities
• » Unix
• » Macintosh
• » Microsoft Windows
• » The Web
• » Web Publishing
• » E-mail
• » Instant Messaging
• » Databases
• » Computer Hardware
• » CPU's
• » Memory
• » Storage
• » Video
• » Audio
• » Multimedia
• » Satellite
• » Java
• » IT Management
• » Science
• » Miscellaneous

Where can I find information about vulnerabilities?

The best source for information concerning vulnerabilities is the Open Source Vulnerability Database.

OSVDB is an independent and open source database created by and for the security community. The goal of the project is to provide accurate, detailed, current, and unbiased technical information on security vulnerabilities. The project will promote greater, more open collaboration between companies and individuals, eliminate redundant works, and reduce expenses inherent with the development and maintenance of in-house vulnerability databases.

Another useful source is the National Vulnerability Database.

The NVD is a searchable index of information on computer vulnerabilities. It provides search capability at a fine granularity and links users to vulnerability and patch information.

If you want more information about a vulnerability, or want to test your systems for a vulnerability, check out the ExploitTree and Milw0rm.

The ExploitTree is a categorized collection of exploit code. ExploitTree's ambition is to become the most organized, rich and up-to-date exploit repository on the Internet. The ExploitTree is based on CVS (Concurrent Versioning System) and therefore allows the user to keep an up-to-date offline mirror of the repository on their local hard drive. When an ExploitTree Administrator updates their local copy with a new/updated exploit, it updates the repository and keeps everyone else up-to-date. Additionally, a web interface for browsing the ExploitTree online is available.

Milw0rm is an up-to-date report of the newest vulnerabilities. It is an excellent resource for keeping yourself aware of current vulnerabilities. It also provides a database of vulnerabilities sorted either by platform or by type of access required.

Vulnerability Management for Dummies

Our friends at Qualys are offering free copies of the electronic version of Vulnerability Management for Dummies to Tech-FAQ readers. Vulnerability Management for Dummies: Explains the critical need for vulnerability management Details the essential best-practice steps of a successful vulnerability management program Outlines the various vulnerability management solutions - including the advantages and disadvantages of each Highlights the award-winning QualysGuard vulnerability management solution Provides a ten point checklist for removing vulnerabilities from your key resources

Latest Blog Posts

• Acai Berry Spam via MSN

• Obama Seeks Power to Shut Down the Internet

• Help Beta Test Tech-FAQ 2.0!

• Windows 7 Forum

• Boston College: Ability to Use a Command Line is a Sign of Criminal Activity

• Google Hacked?

• Recycle your old phone – Make some money, and save the environment too!

• SourceForge vs. Freshmeat

• Fastest Web Browser: Google Chrome

• New Webmaster Forum