From the course: ISC2 Certified Secure Software Lifecycle Professional (CSSLP) (2023) Cert Prep

Attack surface evaluation

- [Instructor] By minimizing your application's attack surface, you can reduce both the likelihood and impact of any attacks launched against your application. Before you can take action to reduce that risk though, you'll want to perform an attack surface evaluation. Attack surface evaluation is the process of identifying all the parts of your application and the underlying app infrastructure that an attacker might target. Once you've got a solid idea of what that attack surface looks like, you'll also want to identify any mitigating controls you already have in place. This will help you pinpoint any missing controls that you may want to implement. Consider your application from an attacker's point of view. Specifically, I want you to think like an unauthorized outsider. You are sitting at your laptop staring at the login page for an app that you plan to attack. Where do you start? One area of your application's attack surface is the login interface, as well as all the usernames…
