The attack surface of a software environment is the scope of functionality that is available to any application user, particularly unauthenticated users.

This includes, but is not limited to:

• User input fields
• Protocols
• Interfaces
• Services

One approach to improving information security is to reduce the attack surface, making a piece of software harder to attack. However, this approach does little to mitigate the amount of damage a determined attacker can inflict once a vulnerability is found.

References

See also

Vulnerability (computing)

Computer security

Please help improve this section by expanding it. Further information might be found on the talk page or at requests for expansion. (June 2008)

External links

• Mitigate Security Risks by Minimizing the Code You Expose to Untrusted Users on MSDN
• Attack Surface Measurement
• Attack Surface Measurement at Carnegie Mellon CyLab

This software-related article is a stub. You can help Wikipedia by expanding it.