Attack surface

The attack surface of a software environment is the sum of the different points (the 'attack vectors') where an unauthorized user (the 'attacker') can try to enter data to or extract data from an environment. Keeping the attack surface as small as possible is a basic security measure. The attack surface of a software environment is the sum of the different points (the 'attack vectors') where an unauthorized user (the 'attacker') can try to enter data to or extract data from an environment. Keeping the attack surface as small as possible is a basic security measure. Examples of attack vectors include user input fields, protocols, interfaces, and services. Due to the increase in the countless potential vulnerable points each enterprise has, there has been increasing advantage for hackers and attackers as they only need to find one vulnerable point to succeed in their attack.