Home
Glossary
Attack surface

Attack surface

Advanced
Community submission - Author: Caner Taçoğlu

The attack surface of a software environment is the set of ways in which an unauthorized user (attacker) can enter or extract data from the system. A system’s attack surface is an indicator of the system’s security. 

If a system has a larger attack surface, it is more vulnerable to attacks. Keeping the attack surface as small as possible is fundamental when considering software security.

The attack surface is infiltrated by attack vectors. These can be buffer overflows, network protocol flaws, or web-based attack vectors such as trojans, adware, malware, and many more. 

An attack by an unauthorized user can potentially cause damage by altering or extracting information from the system. Reducing the attack surface, however, does not mitigate the amount of damage a malicious actor can do once they have breached the system.

To infiltrate a system’s attack surface, finding only one vulnerable or insecure point of the system is adequate. For a more sophisticated attack, the attackers may first visualize the system and map out all the devices and their paths. Then potential vulnerabilities can be identified and exploited for each node.

Attack surfaces must be reduced to build more secure systems. This can be done by applying a number of basic security measures:

  • Reducing the amount of code that is running. Less code equals fewer attack vectors.
  • Reducing entry points in the system. Fewer entry points result in fewer attack vectors for unauthorized users.
  • Eliminating services that are used by only a small subset of users. By turning off unnecessary functionality, there will be fewer attack vectors.