Attack surface analysis and reduction is an exercise in risk reduction. The attack surface of an application represents the number of entry points exposed to a potential attacker of the software. The larger the attack surface, the larger the set of methods that can be used by an adversary to attack. The smaller the attack surface, the smaller the chance of an attacker finding a vulnerability and the lower the risk of a high impact exploit in the system. This course provides an understanding of the goals and methodologies of attackers, identification of attack vectors, and how to minimize the attack surface of an application. In this course, students will learn to define the attack surface of an application, and how to reduce the risk to an application by minimizing the application’s attack surface.
On successful completion of this course, learners should have the knowledge and skills to:
- Describe what an attack surface is
- Explain how the attack surface relates to risk
- Measure the attack surface of the system
- Minimize the attack surface of the system
If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.