Abstract
A software system's attack surface metric measures the freedom of a potential attacker to influence the system's execution, potentially exploiting a security vulnerability. Existing attack surface metrics aim to measure the security impact associated with deploying an application or component; however, a systematic evaluation of various metrics' suitability for this purpose has not yet been performed. We outline a framework for formalizing code-level attack surface metrics and deployment-time activities that reduce the attack surface of an application. We also outline a tool for measuring the attack surface of a deployed web application, along with a method to retrospectively evaluate an attack surface metric over a corpus of known vulnerabilities.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
