This task was an explanation of attack vector and attack surface.

Attack vector

Is the weapon a hacker might use like:

  • Phishing emails; Deceptive emails that are often impersonating someone and asking the victim to perform an action that compromises their security.
  • Denial of Service (DoS) or Distributed Denial of Service (DDoS) attacks; Sending so many requests to a website or web application that it reaches its limits and can no longer serve legitimate requests.
  • Web drive-by attacks; Flaws in web browsers that compromise the security of the victim by merely visiting a website.
  • Unpatched Vulnerability exploitation; A flaw in the internet-facing infrastructure, such as the web server or the network interface, that is exploited to take control of the infrastructure.

Attack surface

Is the area which is suspect of an attack, like:

  • An email server that is used for sending and receiving emails.
  • An internet-facing web server that serves a website to visitors.
  • End-user machines that people use to connect to the network.
  • Humans can be manipulated and tricked into giving control of the network to an attacker through social engineering.

Updated: