Vulnerability Types
Unlock the complete study guide + 1,040 practice questions across 16 full exams.
Bundled into the existing CompTIA Security+ premium course — no separate purchase.
Included in this chapter:
- Application and memory flaws: overflow, injection, race conditions, malicious update
- OS-based, web, and hardware weaknesses
- Virtualization, cloud, supply chain, cryptographic, misconfiguration, mobile, zero-day
- Exam-pattern recognition: classifying the weakness
SY0-701 objective 2.3 vulnerability classes: example weakness and where the fix lives
| Vulnerability class | Representative weakness | Layer / owner | Primary mitigation |
|---|---|---|---|
| Application | Buffer overflow, memory injection, race condition (TOCTOU), malicious update | Code / developer | Input validation, bounds checking, safe languages, signed updates |
| OS-based | Unpatched kernel or service flaw, weak defaults | Operating system / sysadmin | Patch management, secure baseline hardening |
| Web | SQL injection (server-side), cross-site scripting (client-side) | Web app / developer | Parameterized queries, contextual output encoding, CSP |
| Hardware | Outdated firmware, end-of-life and legacy devices | Device / asset owner | Firmware updates, replacement, isolation of unsupported gear |
| Virtualization | VM escape, resource reuse leaking residual data | Hypervisor / platform team | Hypervisor patching, strong tenant isolation, memory/storage sanitization |
| Cloud-specific | Shared-responsibility and multi-tenant gaps | Cloud customer (their share) | Correct IAM, storage and network configuration; CSPM |
| Supply chain | Inherited flaw via service, hardware, or software provider | Third-party vendor | Vendor assessment, SBOM, code/artifact signing, integrity checks |
| Cryptographic | Deprecated algorithm, short key, weak randomness, poor key storage | Crypto implementation | Strong current algorithms, proper key length and management |
| Misconfiguration | Default credentials, open buckets, excessive permissions | Configuration / operator | Secure baselines, least privilege, configuration review |
| Mobile device | Sideloading, jailbreaking / rooting | Endpoint / device user | MDM policy, block sideloading, detect rooted/jailbroken devices |
| Zero-day | Flaw unknown to vendor and public; no patch or signature | Any layer (unknown) | Compensating controls, behavioral detection, virtual patching |
Cheat sheet
Unlock with Premium — includes all practice exams and the complete study guide.