Attack surface is the general term for the areas of a system, device, or network that contain security vulnerabilities that may be exploited. The attack surface of an organization’s computer systems and devices can often vary significantly depending on what they are used for and how they have been configured. This is not to be confused with “attack surface in ethical hacking”, which relates to the potential risk posed by vulnerabilities within a given operating system or application installed on a computing device.
In practice, this method can be used to determine if a device is vulnerable to known and unknown forms of attack. One example of this would be to analyze the operating system an attacker might use.
For example, if an organization’s IT infrastructure uses the Linux operating system for its email platform, then it is possible that this could be subject to an attack using the Shellshock vulnerability. Attack surfaces can also be examined for vulnerabilities in non-operating-system software, as well as in hardware devices like switches and routers – though these are typically harder to patch.