Hello, you are using an old browser that's unsafe and no longer supported. Please consider updating your browser to a newer version, or downloading a modern browser.

Glossary > Attack surface

What is Attack surface?

Attack surface Definition: Different security testing methods find different vulnerability types.

Understanding Attack surface

Different security testing methods find different vulnerability types. The attack surface represents the sum of all points where an unauthorized user might extract data or gain access to a system, including network interfaces, APIs, user interfaces, protocols, services, and even physical access points. A larger attack surface typically means increased vulnerability exposure. Security frameworks like NIST CSF and ISO 27001 emphasize attack surface reduction as a key security strategy. Organizations implement attack surface management through regular assessments, network segmentation, service minimization, and continuous monitoring. For example, a cloud service provider might reduce their attack surface by disabling unnecessary services, implementing strict network controls, and restricting administrative access to critical infrastructure. Related terms: Attack vector, Vulnerability management, Threat modeling, Defense in depth, Security posture.

Learn More About Attack surface:

Explore the ISO/IEC 27001 Information Security Management Standard for more context

Related Cybersecurity Terms

Twofish
Application Security
Common Vulnerability Scoring System CVSS
Infrastructure as Code IaC Security
Back to Glossary