To install click the Add extension button. That's it.

The source code for the WIKI 2 extension is being checked by specialists of the Mozilla Foundation, Google, and Apple. You could also do it yourself at any point in time.

4,5
Kelly Slayton
Congratulations on this excellent venture… what a great idea!
Alexander Grigorievskiy
I use WIKI 2 every day and almost forgot how the original Wikipedia looks like.
Live Statistics
English Articles
Improved in 24 Hours
Added in 24 Hours
What we do. Every page goes through several hundred of perfecting techniques; in live mode. Quite the same Wikipedia. Just better.
.
Leo
Newton
Brights
Milds

Attack surface

From Wikipedia, the free encyclopedia

The attack surface of a software environment is the sum of the different points (for "attack vectors") where an unauthorized user (the "attacker") can try to enter data to, extract data, control a device or critical software in an environment.[1][2] Keeping the attack surface as small as possible is a basic security measure.[3]

YouTube Encyclopedic

  • 1/3
    Views:
    4 245
    672
    10 963
  • Attack Surface Management Explained - What is Attack Surface Management?
  • What is the Attack Surface of a Cyber Attack?
  • What is ASM (Attack Surface Management)?

Transcription

Elements of an attack surface

Worldwide digital change has accelerated the size, scope, and composition of an organization's attack surface. The size of an attack surface may fluctuate over time, adding and subtracting assets and digital systems (e.g. websites, hosts, cloud and mobile apps, etc.). Attack surface sizes can change rapidly as well. Digital assets eschew the physical requirements of traditional network devices, servers, data centers, and on-premise networks. This leads to attack surfaces changing rapidly, based on the organization's needs and the availability of digital services to accomplish it.

Attack surface scope also varies from organization to organization. With the rise of digital supply chains, interdependencies, and globalization, an organization's attack surface has a broader scope of concern (viz. vectors for cyberattacks). Lastly, the composition of an organization's attack surface consists of small entities linked together in digital relationships and connections to the rest of the internet and organizational infrastructure, including the scope of third-parties, digital supply chain, and even adversary-threat infrastructure.

An attack surface composition can range widely between various organizations, yet often identify many of the same elements, including:

Understanding an attack surface

Due to the increase in the countless potential vulnerable points each enterprise has, there has been increasing advantage for hackers and attackers as they only need to find one vulnerable point to succeed in their attack.[4]

There are three steps towards understanding and visualizing an attack surface:

Step 1: Visualize. Visualizing the system of an enterprise is the first step, by mapping out all the devices, paths and networks.[4]

Step 2: Find indicators of exposures. The second step is to correspond each indicator of a vulnerability being potentially exposed to the visualized map in the previous step. IOEs include "missing security controls in systems and software".[4]

Step 3: Find indicators of compromise. This is an indicator that an attack has already succeeded.[4]

Surface reduction

One approach to improving information security is to reduce the attack surface of a system or software. The basic strategies of attack surface reduction include the following: reduce the amount of code running, reduce entry points available to untrusted users, and eliminate services requested by relatively few users. By having less code available to unauthorized actors, there tend to be fewer failures. By turning off unnecessary functionality, there are fewer security risks. Although attack surface reduction helps prevent security failures, it does not mitigate the amount of damage an attacker could inflict once a vulnerability is found.[5]

See also

References

  1. ^ "Attack Surface Analysis Cheat Sheet". Open Web Application Security Project. Retrieved 30 October 2013.
  2. ^ Manadhata, Pratyusa (2008). An Attack Surface Metric (PDF). Archived (PDF) from the original on 2016-02-22. Retrieved 2013-10-30.
  3. ^ Manadhata, Pratyusa; Wing, Jeannette M. "Measuring a System's Attack Surface" (PDF). Archived (PDF) from the original on 2017-03-06. Retrieved 2019-08-29. {{cite journal}}: Cite journal requires |journal= (help)
  4. ^ a b c d Friedman, Jon (March 2016). "Attack your Attack Surface" (PDF). skyboxsecurity.com. Archived from the original (PDF) on March 6, 2017. Retrieved March 6, 2017.
  5. ^ Michael, Howard. "Mitigate Security Risks by Minimizing the Code You Expose to Untrusted Users". Microsoft. Archived from the original on 2 April 2015. Retrieved 30 October 2013.
This page was last edited on 4 December 2023, at 19:28
Basis of this page is in Wikipedia. Text is available under the CC BY-SA 3.0 Unported License. Non-text media are available under their specified licenses. Wikipedia® is a registered trademark of the Wikimedia Foundation, Inc. WIKI 2 is an independent company and has no affiliation with Wikimedia Foundation.