Attack surface

The attack surface of a software environment is the sum of the different points (the "attack vectors") where an unauthorized user (the "attacker") can try to enter data to or extract data from an environment.^[1] ^[2]

Examples of attack vectors

Examples of attack vectors include user input fields, protocols, interfaces, and services.

Surface Reduction

The basic strategies of attack surface reduction are to reduce the amount of code running, reduce entry points available to untrusted users, and eliminate services requested by relatively few users. One approach to improving information security is to reduce the attack surface of a system or software. By turning off unnecessary functionality, there are fewer security risks. By having less code available to unauthorized actors, there will tend to be fewer failures. Although attack surface reduction helps prevent security failures, it does not mitigate the amount of damage an attacker could inflict once a vulnerability is found.^[3]

References

↑ Lua error in package.lua at line 80: module 'strict' not found.
↑ Lua error in package.lua at line 80: module 'strict' not found.
↑ Lua error in package.lua at line 80: module 'strict' not found.

This software-engineering-related article is a stub. You can help Wikipedia by expanding it.

This security software article is a stub. You can help Wikipedia by expanding it.

[OWASP-1] Lua error in package.lua at line 80: module 'strict' not found.

[Manadhata-2] Lua error in package.lua at line 80: module 'strict' not found.

[3] Lua error in package.lua at line 80: module 'strict' not found.

[1]

[2]

[3]

Attack surface

Contents

Examples of attack vectors

Surface Reduction

See also

References

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Tools