This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Minimize attack surface area"
| (5 intermediate revisions by 2 users not shown) | |||
| Line 2: | Line 2: | ||
{{Template:Stub}} | {{Template:Stub}} | ||
| + | |||
| + | Last revision (mm/dd/yy): '''{{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}''' | ||
| + | |||
| + | <br> | ||
| + | [[Category:OWASP ASDR Project]] | ||
| + | |||
| + | |||
| + | ==Description== | ||
Every feature that is added to an application adds a certain amount of risk to the overall application. The aim for secure development is to reduce the overall risk by reducing the attack surface area. | Every feature that is added to an application adds a certain amount of risk to the overall application. The aim for secure development is to reduce the overall risk by reducing the attack surface area. | ||
| Line 7: | Line 15: | ||
For example, a web application implements online help with a search function. The search function may be vulnerable to SQL injection attacks. If the help feature was limited to authorized users, the attack likelihood is reduced. If the help feature’s search function was gated through centralized data validation routines, the ability to perform SQL injection is dramatically reduced. However, if the help feature was re-written to eliminate the search function (through better user interface, for example), this almost eliminates the attack surface area, even if the help feature was available to the Internet at large. | For example, a web application implements online help with a search function. The search function may be vulnerable to SQL injection attacks. If the help feature was limited to authorized users, the attack likelihood is reduced. If the help feature’s search function was gated through centralized data validation routines, the ability to perform SQL injection is dramatically reduced. However, if the help feature was re-written to eliminate the search function (through better user interface, for example), this almost eliminates the attack surface area, even if the help feature was available to the Internet at large. | ||
| − | == | + | |
| + | ==Examples== | ||
| + | |||
| + | ===Short example name=== | ||
| + | : A short example description, small picture, or sample code with [http://www.site.com links] | ||
| + | |||
| + | ===Short example name=== | ||
| + | : A short example description, small picture, or sample code with [http://www.site.com links] | ||
| + | |||
| + | |||
| + | ==Related [[Vulnerabilities]]== | ||
| + | |||
| + | * [[Vulnerability 1]] | ||
| + | * [[Vulnerabiltiy 2]] | ||
| + | |||
| + | |||
| + | ==Related [[Controls]]== | ||
| + | |||
| + | * [[Controls 1]] | ||
| + | * [[Controls 2]] | ||
| + | |||
| + | |||
| + | ==References== | ||
| + | |||
| + | * http://www.link1.com | ||
| + | * [http://www.link2.com Title for the link2] | ||
| + | |||
| + | |||
| + | |||
| + | __NOTOC__ | ||
| + | |||
| + | |||
| + | |||
[[Category:Principle]] | [[Category:Principle]] | ||
Latest revision as of 22:20, 7 April 2009
This is a principle or a set of principles. To view all principles, please see the Principle Category page.
This article is a stub. You can help OWASP by expanding it or discussing it on its Talk page.
Last revision (mm/dd/yy): 04/7/2009
Description
Every feature that is added to an application adds a certain amount of risk to the overall application. The aim for secure development is to reduce the overall risk by reducing the attack surface area.
For example, a web application implements online help with a search function. The search function may be vulnerable to SQL injection attacks. If the help feature was limited to authorized users, the attack likelihood is reduced. If the help feature’s search function was gated through centralized data validation routines, the ability to perform SQL injection is dramatically reduced. However, if the help feature was re-written to eliminate the search function (through better user interface, for example), this almost eliminates the attack surface area, even if the help feature was available to the Internet at large.
Examples
Short example name
- A short example description, small picture, or sample code with links
Short example name
- A short example description, small picture, or sample code with links
Related Vulnerabilities
Related Controls
