Overview#

Attack Surface is the sum of the different attack vectors where an attacker could enter a thing or extract a thing

Attack Surface, of a an Application is the sum of the different attack vectors where an attacker could enter data or extract data

The total number of different possible attack points can easily add up into the thousands or more. To make this manageable, break the model into different types based on function, design and technology:

• Login/authentication entry points
• Admin interfaces
• Inquiries and search functions
• Data entry (CRUD) forms
• Business workflows
• Transactional interfaces/APIs
• Operational command and monitoring interfaces/APIs
• Interfaces with other applications/systems
• ... your types

minimising these of course minimises the Attack Surface

More Information#

There might be more information for this subject on one of the following:

• API Development
• Certificate Pinning
• Certificate Transparency
• Strict-Transport-Security