Exploit

An exploit denotes the publication of a vulnerability in a computer system, IT system or website. The term exploit simply means “vulnerability” and is derived from “to exploit.” Thus, the term is also used for a program that systematically uncovers vulnerabilities in IT systems and infrastructures.

General Information

If a hacker discovers a vulnerability in a computer system, he will either contact the manufacturer of the system and report the vulnerability, or publish the results of the analysis on a website in order to provide the information to the public and other hackers. What distinguishes an exploit is that it concerns not just a single vulnerability, but systematic vulnerabilities that affect the entire system. A recent example is a programming error by Apple, which allowed numerous hackers to infiltrate encrypted web connections and access stored sensitive data.

Exploits occur whenever a systematic error, or sequence error, has been made in the programming. Instructions are carried out in the source code, which nullify the program’s own security measures and thereby open the door to hackers. If a vulnerability is discovered by a program which is designed to discover such vulnerabilities, that program is also known as an exploit.
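A constructed illustration of the kind of sequence error described above, added here and not taken from the original page or from any vendor's code: one misplaced jump in a verification routine skips the only check that matters, so a forged tag is reported as verified. The function names, the toy checksum and the sample message are assumptions made for this example.

```c
#include <stddef.h>
#include <stdio.h>

/* Toy keyed checksum standing in for a real signature (constructed; not secure). */
static unsigned toy_tag(const unsigned char *msg, size_t len, unsigned key) {
    unsigned t = key;
    for (size_t i = 0; i < len; i++)
        t = t * 31u + msg[i];
    return t;
}

/* Flawed: returns 0 ("verified") for any non-empty message, whatever the tag. */
int verify_flawed(const unsigned char *msg, size_t len, unsigned key, unsigned tag) {
    int err = 0;                      /* starts in the "success" state */
    if (msg == NULL || len == 0) {
        err = -1;
    }
    goto done;                        /* sequence error: jump belongs inside the block above */
    if (toy_tag(msg, len, key) != tag)
        err = -1;                     /* never reached */
done:
    return err;
}

/* Hardened: starts in the failure state; success is set only after every check passes. */
int verify_fixed(const unsigned char *msg, size_t len, unsigned key, unsigned tag) {
    int err = -1;
    if (msg == NULL || len == 0)
        return err;
    if (toy_tag(msg, len, key) != tag)
        return err;
    err = 0;
    return err;
}

int main(void) {
    const unsigned char msg[] = "order=1";     /* constructed sample input */
    unsigned good = toy_tag(msg, 7, 42u);
    unsigned forged = good + 1u;
    printf("flawed, forged tag: %d\n", verify_flawed(msg, 7, 42u, forged));
    printf("fixed,  forged tag: %d\n", verify_fixed(msg, 7, 42u, forged));
    printf("fixed,  valid tag:  %d\n", verify_fixed(msg, 7, 42u, good));
    return 0;
}
```

A negative test that feeds a deliberately invalid tag and expects rejection exposes this class of error before release.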

Features

Exploits can have different purposes. On the one hand, they serve the security of IT systems and infrastructures. On the other hand, exploits can be misused to completely block systems and infrastructure. How an exploit is used depends on the people involved, who may or may not stick to the rules of hacking. Although sensitive data may get into the wrong hands, exploits ultimately have the consequence that the hacked systems are made more secure. Nevertheless, systematic programming errors should be avoided from the outset.

Depending on the level at which system exploits occur and how they are used, a distinction is made between DoS, remote, local, zero-day, and command line exploits.

Practical relevance

Prevention of exploits is the goal of every program. However, errors often only come to light when programs are tested in practice. A single programmer cannot think of every exception and countermeasure. Although the programmer can produce stringent source code, various tests should follow in the beta phase of each program.

With A/B testing, crowd testing and various programming paradigms, developers have various options available to avoid errors in the source code. Cleaner code is the ideal solution to exclude possible exploits. Additional protection options are memory protection, an intrusion detection system or managed code within the .NET environment of Microsoft. [1] Absolute protection against exploits unfortunately does not yet exist.

Importance for search engine optimization

Exploits are also found in search engine optimization. Errors or gaps in the infrastructure, website or in the handling of processes can prompt exploits. With regard to the concept of exploits as a program, exploits are also called black hat or negative SEO. In principle, backlinks can be set with exploits, keywords edited or redirects implemented, all with the goal of influencing the ranking with dirty methods such as search engine spamming, keyword stuffing, etc.

Search engines evaluate such interventions as manual actions when they are discovered. Sites that have been hacked by exploits are often in a bad neighborhood and have become victims of HTML injections or SQL injections.

References

  1. What Is Managed Code?. msdn.microsoft.com. Accessed on 26/05/2014.
