Key Terms In Ethical Hacking / Want To Know in 2024

Welcome to the ethical hacking class series. This is a complete blog series that aims to make you a fully fledged ethical hacker.

In the first section, the introduction to ethical hacking, we will learn different terminologies, penetration testing methods, and much more.

Let us start with the first lecture (post) on the critical terms in hacking.

Key terms in ethical hacking

In this lecture, we will learn what an asset, a vulnerability, an exploit, and a threat are in cyber security.

So let's get started.

What is an asset?


An asset is any device, data, or other component of the environment that supports information-related activities and that should be protected from anyone other than those allowed to view or manipulate the data or information. In information security and computers, access to any data is almost essential.

So assets can be people, devices, or almost anything; assets should be protected from illicit access, use, disclosure, alteration, destruction, and theft.


Vulnerability weakness

A vulnerability is a flaw or weakness inside the asset that could be used to gain unauthorized access to it!!

The successful compromise of a vulnerability may result in data manipulation, privilege elevation, exploitation, etc. In cybersecurity, a vulnerability is a weakness that a cyber attack can exploit to gain unauthorized access. To exploit the vulnerability, an attacker must be able to connect to the computer system that has it.

Examples of vulnerabilities are XSS (cross-site scripting), SQL injection, buffer overflows, and others. We will look at all these vulnerabilities in the other sections.



Now, what is a threat?

A threat represents a possible danger to the computer system. It is something that an organization does not want to happen. Successful exploitation of the vulnerability is a threat. A threat may be a malicious hacker trying to gain unauthorized access to an asset. Anything that can exploit a vulnerability, intentionally or accidentally, and damage or destroy an asset is also known as a threat. A threat is what we are trying to protect against.

Common types of threats are natural, unintentional, and intentional.

Natural threats can be floods, hurricanes, or tornadoes.

Unintentional threats can be like an employee mistakenly accessing the wrong information. Yes, that can be a threat. 

Intentional threats are hackers, spyware, malware, adware, or the actions of a disgruntled employee.



The next one is an exploit. An exploit is something that takes advantage of a vulnerability in an asset to cause unintended or unanticipated behavior in a targeted system, allowing an attacker to gain access to data or information. Exploitation is the next step in an attacker's playbook. After finding a vulnerability, exploits are the means through which the vulnerability can be leveraged for malicious activity. Exploits can occur in various ways; one common method is for exploits to be launched from malicious websites.

The victim might accidentally visit such a site or be tricked into clicking on a link to the malicious site.



Risk is defined as the impact resulting from the successful compromise of an asset. 

For example, an organization running a vulnerable Apache Tomcat is under threat, and the damage or loss caused to the asset is defined as the risk.

Risk can also be defined as the potential for asset loss, damage, or destruction due to the exploitation of a vulnerability. Now that we have seen all of these terms, reducing the potential for risk by creating and implementing a risk management plan is essential. Risk is the intersection of assets, threats, and vulnerabilities.

Why is it essential to understand the difference between these terms?

If you do not understand the differences, you will never understand the actual risk to assets. When conducting a risk assessment, the formula that is used to determine the risk is


Which means asset + threats + vulnerability = risk
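The intersection idea above, as an added example that is not part of the original post: a risk entry exists only where an asset, a vulnerability in it, and a threat able to exploit that vulnerability all meet. The asset names, the 1 to 5 impact scale, and the `exposed` flag are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Asset:
    name: str
    impact: int        # loss if compromised, 1 (low) to 5 (high); constructed scale

@dataclass(frozen=True)
class Vulnerability:
    asset: str         # asset the weakness lives in
    weakness: str
    exposed: bool      # assumption: True if a threat can actually reach the system

@dataclass(frozen=True)
class Threat:
    name: str
    kind: str          # natural | unintentional | intentional
    exploits: tuple    # weaknesses this threat can act on

def assess(assets, vulns, threats):
    """Return (asset, weakness, threat, impact) wherever all three meet."""
    by_name = {a.name: a for a in assets}
    risks = []
    for v in vulns:
        asset = by_name.get(v.asset)
        if asset is None or not v.exposed:
            continue   # unknown asset, or nothing can reach the weakness
        for t in threats:
            if v.weakness in t.exploits:
                risks.append((asset.name, v.weakness, t.name, asset.impact))
    return sorted(risks, key=lambda r: -r[3])   # highest impact first

# Constructed sample inventory, not data from the post.
ASSETS = [Asset("customer-db", 5), Asset("web-server", 4), Asset("intranet-wiki", 2)]
VULNS = [
    Vulnerability("web-server", "vulnerable Apache Tomcat", True),
    Vulnerability("customer-db", "SQL injection", True),
    Vulnerability("intranet-wiki", "XSS", False),        # weakness nobody can reach
    Vulnerability("customer-db", "no off-site backup", True),
]
THREATS = [
    Threat("malicious hacker", "intentional",
           ("SQL injection", "XSS", "vulnerable Apache Tomcat")),
    Threat("flood", "natural", ("no off-site backup",)),
    Threat("employee mistake", "unintentional", ("overly broad permissions",)),
]

if __name__ == "__main__":
    for row in assess(ASSETS, VULNS, THREATS):
        print(row)
```

The unreachable XSS weakness and the threat with no matching vulnerability produce no entry, which is why the three terms have to be assessed together.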



A cyber attack is an attack launched from one or more computers against another computer or multiple computers on a network. Cyber attacks can be broken down into two broad types.

1. Attacks where the goal is to disable the target computer or knock it offline.

2. Attacks where the goal is to access the target computer's data and gain admin privileges.

A cyber attack can be random or targeted depending on the criminal intent. Cyber attack methods rotate to throw organizations off their defenses. Famous cyber attacks, for example, are WannaCry and NotPetya. Then, cryptominer attacks made headlines in 2018, and in 2019, cyber attacks have been a mixed bag. Phishing emails and cyber attacks remain a constant for most organizations.

So this was all for this post.

I hope you guys enjoyed reading this blog.


If you did, make sure to share it with your friends.

Keep smiling and keep learning something new.
