Vulnerabilities or Weaknesses
There are many ways that you can discover security issues that affect your website:
- internal testing
- penetration testing
- vulnerability scanners
- a bug bounty program
- malicious activity or hacks against your site
- and a myriad of others
Regardless of how the issues are discovered, the important thing now is how you address the issues.
- Vulnerabilities
  - These are security flaws or bugs in the platform, server software or your application
- Weaknesses
  - These are cases where your application is working correctly, but not demonstrating the level of security that you want
The “Let me secure that for you!” approach advocates virtual patching only known vulnerabilities or weaknesses, and only in the places where they have been discovered. This avoids blanket-blocking whole classes of traffic, and with it the chance of false positives that block legitimate traffic.
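The difference between a targeted virtual patch and a blanket rule, as an added example (not code from this project). The finding, the `/product` and `/search` paths, the `id` parameter and both rule formats are hypothetical and constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed finding: a scan reported that the "id" parameter of /product
# accepts non-numeric input. The virtual patch constrains only that location.
VIRTUAL_PATCHES = [
    {"path": "/product", "param": "id", "allow": re.compile(r"\d{1,10}")},
]

# Blanket alternative: reject any parameter value, anywhere on the site,
# that contains a quote, a comment marker or a SQL keyword.
BLANKET = re.compile(r"('|--|\b(select|union|drop)\b)", re.I)

def targeted_decision(url):
    """Block only when a patched path/parameter receives a disallowed value."""
    parts = urlsplit(url)
    params = parse_qsl(parts.query, keep_blank_values=True)
    for patch in VIRTUAL_PATCHES:
        if parts.path != patch["path"]:
            continue  # the patch does not apply outside the reported location
        for name, value in params:
            if name == patch["param"] and not patch["allow"].fullmatch(value):
                return "block"
    return "allow"

def blanket_decision(url):
    """Block when any parameter on any path matches the generic pattern."""
    params = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    return "block" if any(BLANKET.search(v) for _, v in params) else "allow"

SAMPLE_REQUESTS = [  # constructed sample traffic
    "/product?id=42",            # legitimate
    "/product?id=42%27",         # malformed value at the reported location
    "/search?q=O%27Brien",       # legitimate surname containing a quote
    "/search?q=select+a+gift",   # legitimate search phrase
]

def compare():
    """Return (url, targeted decision, blanket decision) for each sample."""
    return [(u, targeted_decision(u), blanket_decision(u)) for u in SAMPLE_REQUESTS]

if __name__ == "__main__":
    for url, targeted, blanket in compare():
        print(f"{url:28} targeted={targeted:6} blanket={blanket}")
```

Both rules stop the malformed `id`, but only the blanket rule also rejects the two legitimate `/search` requests.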