Attack Surface Reconnaisance – Strategies and the Value of Standardization

The Attack Surface of an application is, put succinctly, wherever data can enter or exit the app. Attack-surface analysis describes the methods used to describe the vulnerable parts of an application. There are formal processes, such as the Relative Attack Surface Quotient (RASQ) developed by Michael Howard and other researchers at Microsoft that counts a system's attack opportunities and indicates an app's general attackability. There are programmatic means available through scanners and manual methods, involving navigating a site directly, documenting weak points via screenshots and other notes. We'll talk about low- and high-tech methods you can use to focus your attention on profitable lines of attack, in addition to methods you can use to find hidden or leftover content not listed on the sitemap.