What is weakness in coding?
How to Answer THAT Weaknesses Question
What are your biggest weaknesses? When you hear this question, it makes you shudder. If there is one reason alone to dislike job interviews, this could be it. The conundrum here is that an interview is a place where you know you have to talk positively about yourself, yet this question forces you to talk about yourself negatively. Help!
A popular way around this question is to state a strength as a weakness instead. You know, “I work too hard” or, “I’m sometimes too passionate”. While these might seem like the perfect option, these types of responses tend to fall into the realm of interview clichés. Believe me – despite the interviewer being all smiles when listening to such a response, inside they’re desperately trying not to roll their eyes.
Before we go into how to build a strong answer, it’s important to ask, “well, why are they asking it?” From my experience, it’s firstly to see how you manage to navigate such a tricky question and think critically about yourself. Secondly, it’s to see your reaction. The interviewer wants to see if you panic, become nervous or get flustered. Regardless of how you answer, it’s paramount that you maintain the same level of confidence, poise and positivity as you would for any other question.
With that in mind, let’s move onto how to successfully answer the question in a genuine, thoughtful and sincere way… without the clichés!
1. Make a list of all your weaknesses. Get specific.
Instead of writing “lazy” write “slow to respond to emails”. Once you have your list, it’s now time to think which weaknesses will have the least negative impact for the particular job you’re interviewing for.
2. Think about utilising empathy.
If you’re a software developer, a weakness you could talk about is the fact that you can be a little shy when it comes to speaking in large meetings. This weakness of yours has very little impact on the core skills that are required to do the job. At the same time, it offers a genuine weakness. In this instance, you make yourself relatable, so they can actually empathise with you in a positive way.
For a sales role, think about which one of your weaknesses will have the least negative impact. To use myself as an example (having worked in sales), what I found difficult was filling in KPIs and basic administrative tasks. Again, the weakness that I mentioned here isn’t something that’s going to reduce my ability to do my job well, because my core job is to sell products and services, and not take care of the administration side of things. No company is going to hire a sales person who is fantastic at administrative tasks, but terrible at selling, in the same way a software developer who is a terrible programmer, but fantastic at participating in meetings, is never going to get the role.
3. Explain how you’ve identified your weakness and how you’re working on it.
For a sales role, you could say the following:
“I’ve been working on it and I realise the value of getting it right. I’ve learnt that if I stay on top of it, it will free up more of my time to focus on sales”.
For a software developer you could say the following:
“It’s something I’m aware of and I’ve been practicing a range of visualisation techniques prior to going into meetings. This has given me a lot of confidence and I’ve actually improved significantly over the last year”.
To recap:
- Ensure you speak with the same level of confidence you’ve shown with the other questions
- Make a list of weaknesses and focus on specifics rather than general things
- Use the weakness in your list which has the least negative impact for the role that you’re interviewing for
- Mention that it is something you’re aware of, followed by what you’re doing to improve on that weakness.
About the author: Farhan Raja is a career coach, former recruiter and founder of Jobinterviewology.com.
Frequently Asked Questions
Is this a full body training program?
No. Train Your Weakness is designed to focus on developing and improving one movement at a time.
Is this a one-time payment? How long do I have access for?
Yes — you pay $21 for each program. This is a one time payment and you will have access to the program for life! Payments are done on TrainHeroic and all billing questions can be handled at support@trainheroic.com
How can I get feedback during the program?
Simply email us with your concern, a video or picture, and a coach will get back to you! support@trainyourweakness.com
What if this programming isn’t for me — can I get a refund?
Yes — we have a 30 day money back guarantee. Email us at support@trainyourweakness.com and we will take care of you.
When should I be doing Train Your Weakness programming?
We recommend completing the TYW session immediately before or immediately after your normal 1 hour general training session. Working on your weakness while you are the freshest will allow you to put the most possible energy into the area you want to see the best results in. Doing TYW programming after a normal training session might also work best with your unique schedule, and you will definitely still see positive results.
When should my rest days from Train Your Weakness programming be?
We recommend at least 1 full day’s rest between each session.
What are the «Coach’s Notes»?
Coach’s Notes will help you understand WHY you’re doing each movement in the program. It will also help you with movement cues and proper form. Knowledge is power.
Can I do multiple TYW programs at once?
It’s not advisable that you do multiple programs that focus on the same muscle groups (example: HSPU & RMU — too much strain on shoulders!)
You can do multiple programs at once, as long as they don’t have the same muscle group focus.
We are excited you want to smash your weaknesses, but we also don’t want you getting hurt.
How much should I rest between TYW programs?
Give your body a week of rest before jumping into another TYW program that focuses on the same muscle groups!
I’m a Premium member with The Professor Project — do I get a discount?
Yes! Email us at support@trainyourweakness.com to get your coupon code. Please provide us with the email address associated with your Premium account in this email.
I’m a first responder/military — do I get a discount?
Yes! Email us at support@trainyourweakness.com to get your coupon code. Please provide ID.
I need to get in touch — how can I contact you?
Email us at support@trainyourweakness.com
Train Your Weakness is intelligent and specific programming which will help you master some of the hardest fitness movements. Have questions? Email us at support@trainyourweakness.com
What is a security weakness?
The terms vulnerability, threat and weakness are often used in cybersecurity. Understanding the difference between these terms is important. It allows organizations to correctly implement, document and assess their cybersecurity activities and controls. Here, we take a closer look at security weaknesses.
While threat and vulnerability have rather clear definitions in cybersecurity, this is not the case for a weakness. Commonly used glossaries, such as RFC 4949 and the NIST glossary, do not define the term weakness. On the other hand, it is very often used as part of the vulnerability definition: a vulnerability is a weakness that can be exploited by an attacker. Thus, a weakness is an error, typically in the software code, that might lead to a vulnerability. It becomes a vulnerability when it can be exploited.
Software weaknesses are often discussed and defined in the context of the Common Weakness Enumeration (CWE). This is a “community-developed list of common software security weaknesses”. In CWE, each distinct weakness is assigned a CWE identifier. The MITRE Corporation, a not-for-profit company, maintains the CWE list. CWE Version 3.2, released in January 2019, contains 806 weaknesses. Entries in the list often have quite extensive descriptions with examples. It is a good starting point for understanding and avoiding software errors.
CWE examples
Since there is no clear definition of the term, we look at a few examples. This will give a better feeling for it. CWE includes both very well known and common errors, but also some more exotic potential problems. These issues can increase the probability of having security vulnerabilities.
- CWE-79: improper neutralization of input during web page generation (‘cross-site scripting’). Cross-site scripting, or XSS, is one of the most common web application vulnerabilities. The NIST NVD database contains 1,964 XSS vulnerabilities that were published in 2018.
- CWE-120: buffer copy without checking size of input (‘classic buffer overflow’). This is the classic buffer overflow attack and is the cause of very many vulnerabilities. It can sometimes lead to arbitrary code execution. The NIST NVD database contains 1,756 vulnerabilities related to this CWE published during 2018 alone.
- CWE-646: reliance on file name or extension of externally-supplied file. A server should not assume that the file extension actually matches the content of the file. Processing files that are misclassified could lead to unwanted behaviour.
- CWE-1120: excessive code complexity. Code that is difficult to understand or maintain is more likely to be vulnerable. Errors are more difficult to find and fix when code is not clear and clean.
This last example, CWE-1120, clearly shows the difference between a weakness and a vulnerability. Very complex code is obviously not by itself exploitable in a cyber attack. However, this weakness can lead to errors that can be exploited by an attacker.
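To make the CWE-646 item above concrete, the following added example (not from the original article or from the CWE entry) contrasts a check that trusts the file extension with one that also compares the extension against the file's leading bytes. The function names, the allowlist and the sample uploads are assumptions constructed for illustration.

```python
import os

# Leading "magic" bytes of a few common formats.
SIGNATURES = {
    "png": [b"\x89PNG\r\n\x1a\n"],
    "jpeg": [b"\xff\xd8\xff"],
    "gif": [b"GIF87a", b"GIF89a"],
    "pdf": [b"%PDF-"],
}
# Allowlisted extensions and the content type each one claims.
EXTENSIONS = {".png": "png", ".jpg": "jpeg", ".jpeg": "jpeg",
              ".gif": "gif", ".pdf": "pdf"}


def sniff(data: bytes):
    """Return the type implied by the leading bytes, or None if unknown."""
    for kind, magics in SIGNATURES.items():
        if any(data.startswith(m) for m in magics):
            return kind
    return None


def trusts_extension(filename: str, data: bytes) -> bool:
    """Weak check (CWE-646): the content in `data` is never inspected."""
    return os.path.splitext(filename.lower())[1] in EXTENSIONS


def validate_upload(filename: str, data: bytes):
    """Hardened check: the claimed type must match the sniffed content."""
    claimed = EXTENSIONS.get(os.path.splitext(filename.lower())[1])
    if claimed is None:
        return False, "extension not on allowlist"
    actual = sniff(data)
    if actual != claimed:
        return False, f"claimed {claimed}, content looks like {actual or 'unknown'}"
    return True, claimed


# Constructed sample uploads (file name plus first bytes), not real files.
SAMPLES = [
    ("logo.png", b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR"),
    ("photo.jpg", b"<html><body>not an image</body></html>"),
    ("avatar.gif", b"%PDF-1.4\n"),
    ("invoice.pdf.exe", b"%PDF-1.7\n"),
]

if __name__ == "__main__":
    for name, blob in SAMPLES:
        print(name, trusts_extension(name, blob), validate_upload(name, blob))
```

A matching signature only shows that the leading bytes agree with the name; the file should still be parsed by a decoder for that type before it is used.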
CWE abstraction levels
Entries in CWE are given with different levels of abstraction. Some are very generic, while others are more specific. There are three different abstraction levels: class, base, and variant. Classes are described in a very abstract way, independent of programming language and technology. Weaknesses in the base level are slightly more specific. They are often specific enough to include methods for detection and prevention. The variants are the most specific and are described in low-level detail.
For the buffer overflow vulnerabilities, examples of these levels would be:
- Class: CWE-119: improper restriction of operations within the bounds of a memory buffer.
- Base: CWE-120: buffer copy without checking size of input.
- Variant: CWE-121: stack-based buffer overflow.
For cross-site scripting, a similar abstraction can be seen as follows:
- Class: CWE-74: improper neutralization of special elements in output used by a downstream component (‘injection’).
- Base: CWE-79: improper neutralization of input during web page generation (‘cross-site scripting’).
- Variant: CWE-80: improper neutralization of script-related HTML tags in a web page (basic XSS).
Mitre provides visualizations showing how the different weaknesses relate to each other. There are a few different visualizations depending on how you want to view the relations. These are given as views.
CWE categories and views
In addition to concrete weaknesses, CWE also uses the notion of categories and views. A category is an entry that contains a list of other CWE entries, all of which share a common characteristic. Categories can be nested. The Code category includes the Source Code category, which in turn contains e.g., Data Processing Errors. This category in turn contains e.g., CWE-119 mentioned above.
A view is a subset of CWE entries that are grouped together. One view is e.g., CWE-1026 Weaknesses in OWASP Top Ten (2017). This view includes all weaknesses that are related to the different items in OWASP Top 10. In turn, each of the ten items is a category consisting of weaknesses. Two other views that are interesting are CWE-701: Weaknesses Introduced During Design and CWE-702: Weaknesses Introduced During Implementation.
In summary, the CWE list can be used as a baseline for identifying, preventing and mitigating errors. Through this common language, organizations can describe and communicate problems in a well-defined way.