Attack surface

The attack surface of a software environment is the sum of the different points (the "attack vectors") where an unauthorized user (the "attacker") can try to enter data into, extract data from, or control a device or critical software in an environment.[1][2] Keeping the attack surface as small as possible is a basic security measure.[3]

  1. "Attack Surface Analysis Cheat Sheet". Open Web Application Security Project. Retrieved 30 October 2013.
  2. Manadhata, Pratyusa (2008). An Attack Surface Metric (PDF). Archived (PDF) from the original on 2016-02-22. Retrieved 2013-10-30.
  3. Manadhata, Pratyusa; Wing, Jeannette M. "Measuring a System's Attack Surface" (PDF). Archived (PDF) from the original on 2017-03-06. Retrieved 2019-08-29.