Finding vulnerabilities What is a vulnerability The OWASP project defines a vulnerability as follows: A vulnerability is a hole or a weakness in the application, which can be a design flaw or an implementation bug, that allows an attacker to cause harm to the stakeholders of an application What is a vulnerability depends on your threat model (What is a threat model? We will learn more about that in chapter 11). For example, this bug was rewarded $700 for a simple DNS leak. But in the context of privacy-preserving software, this leak is rather important and may endanger people. In