The attack surface is the digital surface area of a system or organisation that is exposed to potential cyber-attacks. In other words, it refers to the set of entry ports, touchpoints and vulnerabilities that can be exploited by an adversary to enter a system and cause damage to it. The larger the attack surface, the higher the risk of a successful attack. For this reason, p. 27it is important to minimise the attack surface of a system by eliminating vulnerabilities and limiting access only to those who need it.
See also: VULNERABILITY MANAGEMENT
Manadhata, P.K. and Wing, J.M., 2010. An attack surface metric. IEEE Transactions on Software Engineering, 37(3), 371–86, https://doi.org/10.1109/TSE.2010.60.
Manadhata, P.K. and Wing, J.M., 2010. An attack surface metric. IEEE Transactions on Software Engineering, 37(3), 371–86, https://doi.org/10.1109/TSE.2010.60.