Overview
Attack Surface is the sum of the different attack vectors where an attacker could enter a thing or extract a thing. The Attack Surface of an Application is the sum of the different attack vectors where an attacker could enter data or extract data.
The total number of different possible attack points can easily add up into the thousands or more. To make this manageable, break the model into different types based on function, design and technology:
- Login/authentication entry points
- Admin interfaces
- Inquiries and search functions
- Data entry (CRUD) forms
- Business workflows
- Transactional interfaces/APIs
- Operational command and monitoring interfaces/APIs
- Interfaces with other applications/systems
- ... your types
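
One way to apply this grouping to an application's route inventory, as an added example that is not part of the original page. The type names come from the list above; the path patterns, function names and sample routes are assumptions constructed for illustration and need tuning per application.

```python
import re
from collections import defaultdict

# Ordered rules, first match wins. Type names are the page's; the regex
# heuristics are assumptions. "Business workflows" has no path signature
# here and is expected to be tagged by hand.
RULES = [
    ("Login/authentication entry points", re.compile(r"/(login|logout|oauth|token|password)\b")),
    ("Admin interfaces", re.compile(r"^/admin\b")),
    ("Operational command and monitoring interfaces/APIs", re.compile(r"/(health|metrics|status)\b")),
    ("Interfaces with other applications/systems", re.compile(r"/(webhook|callback)s?\b")),
    ("Inquiries and search functions", re.compile(r"/(search|query)\b")),
    ("Transactional interfaces/APIs", re.compile(r"/(payments?|orders?|transfers?)\b")),
]
CRUD_METHODS = {"POST", "PUT", "PATCH", "DELETE"}

def classify(method, path):
    """Return the attack-surface type for one route, or None if no rule fits."""
    for name, pattern in RULES:
        if pattern.search(path):
            return name
    # Any remaining state-changing route is treated as a data entry form.
    if method in CRUD_METHODS:
        return "Data entry (CRUD) forms"
    return None

def group_attack_surface(routes):
    """Group (method, path) pairs by type; unmatched routes are returned for review."""
    groups, unclassified = defaultdict(list), []
    for method, path in routes:
        kind = classify(method, path)
        if kind is None:
            unclassified.append((method, path))
        else:
            groups[kind].append((method, path))
    return dict(groups), unclassified

# Constructed sample inventory (not from a real application).
SAMPLE_ROUTES = [
    ("POST", "/login"), ("POST", "/oauth/token"),
    ("GET", "/admin/users"), ("DELETE", "/admin/users/7"),
    ("GET", "/search"), ("POST", "/profile"),
    ("POST", "/api/orders"), ("GET", "/metrics"),
    ("POST", "/webhooks/billing"), ("GET", "/about"),
]

if __name__ == "__main__":
    groups, unclassified = group_attack_surface(SAMPLE_ROUTES)
    for kind, items in groups.items():
        print(f"{len(items):3d}  {kind}")
    print("needs manual review:", unclassified)
```

Routes returned as unclassified are the ones to assign by hand, either to an existing type or to a type of your own.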