Technical Attack Surface
All potential entry points in an organization’s technology infrastructure
Architecture Reviews
Evaluate system design to identify weaknesses or misconfigurations
Software Composition Analysis (SCA)
Identifies and manages third-party components for security and compliance
Fuzzing
Injecting randomized data into executing code to find weaknesses in input handling
Operational Attack Surface
Encompasses the vulnerabilities that arise from day-to-day operations and human factors within an organization
User Factors
Potential risks introduced by users such as weak passwords, phishing susceptibility, or misuse of privileges
Enumeration and Discovery of Unsanctioned Accounts
Focuses on identifying unauthorized or orphaned user accounts that could be used by malicious actors to gain access to sensitive systems
Organizational Attack Surface
Encompasses vulnerabilities in external relationships and public-facing digital footprint
Enumeration and Discovery of Third-Party Connections
Involves identifying and assessing all external entities that have access to the organization’s systems or data
Enumeration and Discovery of Public Digital Presence
Map online assets, including websites, social media accounts, and publicly accessible systems, identifying potential exposure points for attackers