25 August 2019

Information Security: Attack Surface (Definitions)

"The attack surface of a software environment is the code within a computer system that can be run by unauthenticated users. This includes, but is not limited to, user input fields, protocols, interfaces, and services." (Mark S Merkow & Lakshmikanth Raghavan, "Secure and Resilient Software Development", 2010)

"The total vulnerabilities of a system that can be exploited by an attacker." (Mark Rhodes-Ousley, "Information Security: The Complete Reference" 2nd Ed., 2013)

"Components available to be used by an attacker against the product itself." (Adam Gordon, "Official (ISC)2 Guide to the CISSP CBK" 4th Ed., 2015)

"The avenues of attack that are available to an attacker by virtue of those avenues being exposed in some manner." (O Sami Saydjari, "Engineering Trustworthy Systems: Get Cybersecurity Design Right the First Time", 2018)

"The reachable and exploitable vulnerabilities in a system." (William Stallings, "Effective Cybersecurity: A Guide to Using Best Practices and Standards", 2018)

 "The sum of all externally addressable vulnerabilities within an environment or system." (Forrester)

No comments:

Related Posts Plugin for WordPress, Blogger...

About Me

My photo
Koeln, NRW, Germany
IT Professional with more than 24 years experience in IT in the area of full life-cycle of Web/Desktop/Database Applications Development, Software Engineering, Consultancy, Data Management, Data Quality, Data Migrations, Reporting, ERP implementations & support, Team/Project/IT Management, etc.