What is a Zero Day Attack Part One

By Ashish Mohta

You have a firewall, and every entry and exit point of your network is secured. You regularly update your antivirus and apply operating system patches. You have good spam filters that will not allow spammers into the network. You have smart, strong password settings that change every fortnight. Moreover, you do not allow any foreign machine to enter your network until it has been scanned thoroughly. These are reasons enough to lull you into believing that you are well secured. Aren't they?

I am not trying to scare you, but to make you think about what you will do when there is a new worm for which no antivirus update exists and no firewall is ready to stop it. The reason is simple: the worm is new, and there are no known updates for it. Welcome to the world of Zero Day Attack.

What is ZDE and ZDA ?

Irrespective of brand, type and technology, every application or device has some known or unknown security loopholes or bugs that can lead to a compromise in security. There are organizations and individuals who hunt for these kinds of vulnerabilities. When they find one, they release it publicly. Now what happens?

The main motive of these people is to make things more secure and to contribute to the development of the application. But when the underground world comes to know about the flaw, it starts creating exploits to gain some advantage from it.

The time between the creation of the exploit and the public availability of its patch is called ZDE or Zero Day Attack, and any attack that happens using such an exploit is called a Zero Day Attack or ZDA.

The image below shows the timeline of a ZDA. It should explain what I was talking about above.

[Figure: Zero Day attack timeline]

Why should I care ?

Security is a primary concern in every organization. Nobody wants their product or organization to fail because of these hacks. They have already invested much to fight against them. You should care because you don't want to lose your business. You don't want to lose customers because they lost money when you never took care of security.

What should I do ?

Now that's a million dollar question. I will do a little analysis on this and carry the discussion over to the next post. I don't want to make this post so long that you end up forgetting what you have read so far.

There could be many ways of fighting a zero day attack. One of the most common is called fuzzing, which I will cover in the next post of this series. Some that I think can be useful for any site are listed below.

  • Keep track of news on exploits. There are newsgroups and organizations that keep hunting for them.
  • When an exploit is discovered, first tighten up your security by avoiding the things that can trigger the bug. For example, if there is a problem in Word documents, avoid opening unknown documents that you receive.
  • Secondly, contact the product owners and confirm whether they have started creating a patch.
  • Keep your organization updated about any new threats that are discovered. Educate people about these things so that they, too, can report a bug if they find one.
  • Now, fuzzing. It is an activity where you test the product yourself and try to inject inputs in every combination to find vulnerabilities, so that you can keep track of them ahead of time. There are a lot of fuzzers available, which I will cover in the next post.
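
To make the fuzzing idea from the last bullet concrete, here is a small self-test harness, added as an illustration and not taken from the original post. The record format, the `parse_record` target with its deliberate bug, and the `check_bounds` fix are all constructed for this example. The harness tries every single-byte substitution and every truncation of one valid input and reports any failure that is not a clean rejection.

```python
from collections import Counter

def parse_record(data: bytes, check_bounds: bool = False) -> dict:
    """Toy target: tag(1) | length(1) | payload(length) | checksum(1)."""
    if len(data) < 3:
        raise ValueError("record too short")
    tag, length = data[0], data[1]
    if tag not in (0x01, 0x02):
        raise ValueError("unknown tag")
    if check_bounds and 2 + length >= len(data):
        raise ValueError("length field exceeds record")  # the fix
    payload = data[2:2 + length]
    checksum = data[2 + length]  # bug when unchecked: trusts the length field
    if checksum != sum(payload) % 256:
        raise ValueError("bad checksum")
    return {"tag": tag, "payload": payload}

def mutations(seed: bytes):
    """Yield (label, input): every single-byte substitution, then every truncation."""
    for offset in range(len(seed)):
        for value in range(256):
            if value != seed[offset]:
                yield f"byte {offset}", seed[:offset] + bytes([value]) + seed[offset + 1:]
    for size in range(len(seed)):
        yield "truncation", seed[:size]

def fuzz(target, seed: bytes):
    """Run target on each mutation; ValueError is a clean rejection, anything else is a finding."""
    findings = []
    for label, data in mutations(seed):
        try:
            target(data)
        except ValueError:
            pass
        except Exception as exc:  # unexpected failure: record it for triage
            findings.append((label, type(exc).__name__, data))
    return findings

# Constructed valid record: tag 0x01, length 5, payload "hello", checksum 20.
SEED = bytes([0x01, 0x05]) + b"hello" + bytes([sum(b"hello") % 256])

if __name__ == "__main__":
    before = fuzz(parse_record, SEED)
    print(Counter((label, exc) for label, exc, _ in before))
    after = fuzz(lambda d: parse_record(d, check_bounds=True), SEED)
    print(f"findings before fix: {len(before)}, after fix: {len(after)}")
```

Every finding points at the length byte or at a truncated record, which is where the bounds check belongs; rerunning the same inputs against the fixed parser confirms that the unexpected failures are gone.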

I hope you liked this small post. I will finish it in the next post. You can read one more article on Phishing Email and Mobile till then.

Update: You can read the next post in this series here.


About The Author of this article:
Ashish is one of the co-authors of this blog and writes on various interesting software, PC tips and more. You can read more of his articles here.
