The attack surface is the set of all points where an attacker can try to enter a system, extract data from it, or otherwise exploit it.
It is usually divided into:
- Digital Attack Surface (online & network systems)
- Physical Attack Surface (devices & hardware)
- Human Attack Surface (people & behaviors)
1. Digital Attack Surface
All network-connected and software-based assets that could be exploited.
This includes web apps, APIs, cloud services, email servers, and operating systems.
Common Threats
- System compromise (exploiting software flaws)
- Spam / phishing emails
- DDoS attacks (overloading servers)
- SQL Injection (untrusted input altering the structure of database queries)
- XSS (Cross-Site Scripting: injecting script into pages that other users view)
- CSRF (Cross-Site Request Forgery: tricking a logged-in browser into sending requests the user did not intend)
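The two injection items in this list, SQL Injection and XSS, share one root cause: untrusted input is spliced into a structured language (SQL, HTML) and parsed as syntax instead of data. The following example, added here and not part of the original page, shows the vulnerable form of each beside its fix. It uses Python's standard-library sqlite3 and html modules; the users table, its rows and the two attacker payloads are constructed for the demonstration, and passwords are stored in the clear only to keep the demo short.

```python
import html
import sqlite3


def make_db() -> sqlite3.Connection:
    """Build an in-memory database with constructed sample rows.

    Passwords are stored in the clear only for brevity; a real system
    stores salted password hashes.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "s3cret"), ("bob", "hunter2")],
    )
    return conn


def vulnerable_login(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # VULNERABLE: user input is spliced into the SQL text, so the input is
    # parsed as SQL syntax. A quote character ends the string literal and
    # the rest of the payload becomes part of the WHERE clause.
    query = (
        "SELECT username FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return conn.execute(query).fetchone() is not None


def safe_login(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # FIXED: the query text is constant; values travel as bound parameters
    # and cannot change the statement's structure, whatever they contain.
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None


def render_comment_vulnerable(comment: str) -> str:
    # VULNERABLE: attacker-controlled text is inserted into HTML unencoded,
    # so a <script> tag in a comment runs in every viewer's browser.
    return f'<p class="comment">{comment}</p>'


def render_comment_safe(comment: str) -> str:
    # FIXED: encode for the HTML text context so <, >, &, and quotes are
    # rendered as literal characters instead of markup.
    return f'<p class="comment">{html.escape(comment, quote=True)}</p>'


# Constructed attacker inputs used by the demo below.
SQLI_PAYLOAD = "' OR '1'='1' --"           # comments out the password check
XSS_PAYLOAD = "<script>alert(1)</script>"  # classic stored-XSS probe


def demo() -> dict:
    """Run both payloads through the vulnerable and fixed code paths."""
    conn = make_db()
    return {
        "sqli_bypass_vulnerable": vulnerable_login(conn, SQLI_PAYLOAD, "wrong"),
        "sqli_bypass_safe": safe_login(conn, SQLI_PAYLOAD, "wrong"),
        "valid_login_safe": safe_login(conn, "alice", "s3cret"),
        "xss_vulnerable_html": render_comment_vulnerable(XSS_PAYLOAD),
        "xss_safe_html": render_comment_safe(XSS_PAYLOAD),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running the block shows the vulnerable login accepting the payload with a wrong password (the query collapses to `WHERE username = '' OR '1'='1'`), while the parameterized version rejects it and still accepts the real credentials; the encoded comment contains `&lt;script&gt;` rather than a live tag. The same principle extends to any interpreter fed with user input (shell commands, LDAP filters, XPath): keep the code constant and pass data through an API that treats it as data.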
Web Applications, APIs & Mobile
Cloud Attack Surface