[{"data":1,"prerenderedAt":299},["ShallowReactive",2],{"blog-glossary/exploit":3},{"id":4,"title":5,"body":6,"category":274,"date":275,"dateModified":275,"description":276,"draft":277,"extension":278,"faq":279,"featured":277,"headerVariant":283,"image":284,"keywords":284,"meta":285,"navigation":286,"ogDescription":287,"ogTitle":288,"path":289,"readTime":290,"schemaOrg":291,"schemaType":292,"seo":293,"sitemap":294,"stem":295,"tags":296,"twitterCard":297,"__hash__":298},"blog/blog/glossary/exploit.md","What is an Exploit? Security Basics",{"type":7,"value":8,"toc":264},"minimark",[9,16,21,24,28,95,99,140,144,165,174,178,211,233,252],[10,11,12],"tldr",{},[13,14,15],"p",{},"An exploit is code or a technique that takes advantage of a security vulnerability. If a vulnerability is a hole in your defenses, an exploit is what attackers use to get through it. Exploits can be scripts, specially crafted inputs, or sequences of actions. Protect against them by patching vulnerabilities, using WAFs, and implementing defense in depth.",[17,18,20],"h2",{"id":19},"the-simple-explanation","The Simple Explanation",[13,22,23],{},"Someone finds a bug in your app that lets them do something bad. An exploit is the actual attack code or method that uses that bug. Security researchers write exploits to prove vulnerabilities exist. Attackers write exploits to break into systems. 
Once an exploit exists, anyone can use it.",[17,25,27],{"id":26},"types-of-exploits","Types of Exploits",[29,30,31,47],"table",{},[32,33,34],"thead",{},[35,36,37,41,44],"tr",{},[38,39,40],"th",{},"Type",[38,42,43],{},"Description",[38,45,46],{},"Target",[48,49,50,62,73,84],"tbody",{},[35,51,52,56,59],{},[53,54,55],"td",{},"Remote",[53,57,58],{},"Works over the network",[53,60,61],{},"Web apps, APIs, services",[35,63,64,67,70],{},[53,65,66],{},"Local",[53,68,69],{},"Requires system access",[53,71,72],{},"Privilege escalation",[35,74,75,78,81],{},[53,76,77],{},"Client-side",[53,79,80],{},"Targets user's browser",[53,82,83],{},"XSS, malicious pages",[35,85,86,89,92],{},[53,87,88],{},"Zero-day",[53,90,91],{},"No patch available",[53,93,94],{},"Unknown vulnerabilities",[17,96,98],{"id":97},"exploit-lifecycle","Exploit Lifecycle",[100,101,102,110,116,122,128,134],"ol",{},[103,104,105,109],"li",{},[106,107,108],"strong",{},"Discovery:"," Vulnerability is found",[103,111,112,115],{},[106,113,114],{},"Development:"," Exploit code is written",[103,117,118,121],{},[106,119,120],{},"Testing:"," Verified to work reliably",[103,123,124,127],{},[106,125,126],{},"Deployment:"," Used in attacks or disclosed",[103,129,130,133],{},[106,131,132],{},"Patch:"," Vendor releases fix",[103,135,136,139],{},[106,137,138],{},"Obsolescence:"," Patched systems are immune",[17,141,143],{"id":142},"common-exploit-patterns","Common Exploit Patterns",[145,146,148,153,157,161],"prompt-box",{"title":147},"SQL injection exploit example",[149,150,152],"h1",{"id":151},"vulnerable-select-from-users-where-id-input","Vulnerable: SELECT * FROM users WHERE id = {input}",[149,154,156],{"id":155},"exploit-input-1-or-11","Exploit input: 1 OR 1=1 --",[149,158,160],{"id":159},"results-in-select-from-users-where-id-1-or-11","Results in: SELECT * FROM users WHERE id = 1 OR 1=1 --",[149,162,164],{"id":163},"returns-all-users-instead-of-just-one","Returns all users instead of just 
one",[166,167,168],"warning-box",{},[13,169,170,173],{},[106,171,172],{},"Exploit code spreads fast."," Once a working exploit is published, attackers worldwide can use it within hours. This is why patching quickly after disclosures is critical.",[17,175,177],{"id":176},"defense-strategies","Defense Strategies",[179,180,181,187,193,199,205],"ul",{},[103,182,183,186],{},[106,184,185],{},"Patch management:"," Apply security updates quickly",[103,188,189,192],{},[106,190,191],{},"WAF:"," Block known exploit patterns",[103,194,195,198],{},[106,196,197],{},"IDS/IPS:"," Detect and prevent attacks",[103,200,201,204],{},[106,202,203],{},"Least privilege:"," Limit damage from successful exploits",[103,206,207,210],{},[106,208,209],{},"Monitoring:"," Detect exploitation attempts",[212,213,214,221,227],"faq-section",{},[215,216,218],"faq-item",{"question":217},"What is the difference between an exploit and malware?",[13,219,220],{},"An exploit is the technique or code used to take advantage of a vulnerability. Malware is malicious software that performs harmful actions. Exploits are often used to deliver malware, but they serve different purposes. An exploit gets in; malware is what runs after.",[215,222,224],{"question":223},"What is a zero-day exploit?",[13,225,226],{},"A zero-day exploit targets a vulnerability that is not yet known to the software vendor or has no patch available. The name comes from having zero days to fix it before exploitation. Zero-days are valuable and dangerous because there is no defense except general security hardening.",[215,228,230],{"question":229},"How do I protect against exploits?",[13,231,232],{},"Keep software updated with security patches. Use Web Application Firewalls (WAF) to block known exploit patterns. Implement defense in depth with multiple security layers. Monitor for suspicious activity. 
Run security scans regularly to find vulnerabilities before attackers do.",[234,235,236,242,247],"related-articles",{},[237,238],"related-card",{"description":239,"href":240,"title":241},"What exploits target","/blog/glossary/vulnerability","Vulnerability",[237,243],{"description":244,"href":245,"title":246},"Unpatched exploits","/blog/glossary/zero-day","Zero-Day",[237,248],{"description":249,"href":250,"title":251},"Payload after exploitation","/blog/glossary/malware","Malware",[253,254,257,261],"cta-box",{"href":255,"label":256},"/","Start Free Scan",[17,258,260],{"id":259},"find-exploitable-vulnerabilities","Find Exploitable Vulnerabilities",[13,262,263],{},"Scan your app before attackers exploit it.",{"title":265,"searchDepth":266,"depth":266,"links":267},"",2,[268,269,270,271,272,273],{"id":19,"depth":266,"text":20},{"id":26,"depth":266,"text":27},{"id":97,"depth":266,"text":98},{"id":142,"depth":266,"text":143},{"id":176,"depth":266,"text":177},{"id":259,"depth":266,"text":260},"glossary","2026-01-07","Learn what exploits are, how they work, and how to protect your applications from known and unknown exploits.",false,"md",[280,281,282],{"question":217,"answer":220},{"question":223,"answer":226},{"question":229,"answer":232},"green",null,{},true,"An exploit is code or a technique that takes advantage of a vulnerability. Learn how to protect against them.","What is an Exploit?","/blog/glossary/exploit","4 min read","[object Object]","DefinedTerm",{"title":5,"description":276},{"loc":289},"blog/glossary/exploit",[],"summary_large_image","4hlgWAzi39xXZkZ5QzrtDuPFgR2NNnCXiQ_RVZUZIsE",1775843922911]