loading
Loading content
loading
The attack surface is every place an attacker can interact with a system: open ports, web applications, APIs, exposed credentials, third-party integrations, and the people who can be phished. It grows with each new service, cloud account, and acquisition, and it shrinks when teams decommission assets or close access. Most organizations underestimate their surface because shadow IT, abandoned subdomains, and forgotten staging hosts never make it into an asset register.
For offensive work the surface defines where you start. A penetration tester or red team enumerates it to find the weakest reachable entry point, since attackers go after the host nobody remembers rather than the hardened production app. Defenders use the same map to decide what to patch, monitor, or take offline first.
The surface divides into an internet-facing slice, the focus of external attack surface management, and internal systems reachable after a foothold. Building and maintaining the map is the job of attack surface management and asset discovery, while exposure management ranks the risk each point carries.
In a Trickest workflow you enumerate domains, subdomains, IP ranges, and services automatically, then re-run on a schedule so the inventory tracks the surface as it changes instead of going stale between audits.
Related terms