The attack surface of a software environment is the sum of the different points (the "attack vectors") where an unauthorized user (the "attacker") can try to enter data, extract data, or control a device or critical software in that environment. Keeping the attack surface as small as possible is a basic security measure.

Worldwide digital change has accelerated the size, scope, and composition of an organization's attack surface. The size of an attack surface may fluctuate over time as assets and digital systems (e.g. websites, hosts, cloud and mobile apps) are added and removed. Attack surface sizes can change rapidly as well. Digital assets eschew the physical requirements of traditional network devices, servers, data centers, and on-premise networks. This leads to attack surfaces changing rapidly, based on the organization's needs and the availability of digital services to meet them.

Attack surface scope also varies from organization to organization. With the rise of digital supply chains, interdependencies, and globalization, an organization's attack surface has a broader scope of concern (viz. vectors for cyber attacks).

Lastly, the composition of an organization's attack surface consists of small entities linked together in digital relationships and connections to the rest of the internet and organizational infrastructure, including the scope of third parties, the digital supply chain, and even adversary-threat infrastructure. The composition of an attack surface can vary widely between organizations, yet many of the same elements are often identified, including:

- Autonomous System Numbers (ASNs)
- IP Address and IP Blocks
- Domains and Sub-Domains (direct and third-parties)
- SSL Certificates and Attribution
- WHOIS Records, Contacts, and History
- Host and Host Pair Services and Relationship
- Internet Ports and Services
- NetFlow
- Web Frameworks (PHP, Apache, Java, etc.)
- Web Server Services (email, database, applications)
- Public and Private Cloud

Because each enterprise has a growing number of potentially vulnerable points, hackers and attackers have an increasing advantage: they need to find only one vulnerable point to succeed in their attack.
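To make the point about a fluctuating surface concrete, the following added example (not part of the original text) compares two inventory snapshots and reports what entered and left the attack surface, grouped by element type and flagging third-party assets. The snapshot format, the asset names and the function names are assumptions made for illustration; all sample data is constructed.

```python
from collections import Counter

# Element kinds follow a subset of the list above; the snapshot format is an assumption.
KINDS = {"asn", "ip_block", "domain", "certificate", "port_service", "cloud"}

# Constructed sample data: each asset is (kind, identifier, owner),
# where owner is "own" or "third_party". Addresses use documentation ranges.
SNAPSHOT_JAN = {
    ("asn", "AS64500", "own"),
    ("ip_block", "192.0.2.0/24", "own"),
    ("domain", "www.example.com", "own"),
    ("certificate", "CN=www.example.com", "own"),
    ("port_service", "192.0.2.10:443/https", "own"),
    ("port_service", "192.0.2.11:25/smtp", "own"),
}
SNAPSHOT_FEB = {
    ("asn", "AS64500", "own"),
    ("ip_block", "192.0.2.0/24", "own"),
    ("domain", "www.example.com", "own"),
    ("domain", "shop.example.com", "third_party"),
    ("certificate", "CN=www.example.com", "own"),
    ("certificate", "CN=shop.example.com", "third_party"),
    ("port_service", "192.0.2.10:443/https", "own"),
    ("port_service", "192.0.2.10:3306/mysql", "own"),
    ("cloud", "storage-bucket/example-assets", "third_party"),
}

def validate(snapshot):
    """Reject assets whose kind is not a known surface element."""
    bad = sorted(a for a in snapshot if a[0] not in KINDS)
    if bad:
        raise ValueError(f"unknown asset kind(s): {bad}")
    return snapshot

def surface_diff(old, new):
    """Return what entered and left the attack surface between two snapshots."""
    old, new = validate(old), validate(new)
    added, removed = new - old, old - new
    return {
        "added": sorted(added),
        "removed": sorted(removed),
        "net_change": len(new) - len(old),
        "added_by_kind": dict(Counter(kind for kind, _, _ in added)),
        "third_party_added": sorted(a for a in added if a[2] == "third_party"),
    }

if __name__ == "__main__":
    print(surface_diff(SNAPSHOT_JAN, SNAPSHOT_FEB))
```

In the constructed data the surface grows by three assets in one month, and three of the four additions belong to third parties, which is the kind of drift a periodic inventory comparison is meant to surface.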