veilscan
Get started
Features Pricing About Blog FAQ Compare Use Cases Get started free →
Glossary

Attack Surface

The complete set of entry points an attacker could use
Quick Answer: An attack surface is the complete set of entry points, interfaces, and exposure that an attacker could potentially use to interact with or compromise a system. For a company, this includes every publicly reachable service, subdomain, open port, API, web application, and configuration that could be exploited from outside the network perimeter.

What makes up an organisation's attack surface?

An organisation's attack surface includes:

  • Network attack surface — open ports, exposed services (SSH, FTP, RDP, databases), and any service reachable from outside the network
  • Web application attack surface — web applications, APIs, authentication endpoints, and all publicly accessible web resources
  • Software attack surface — all software running on internet-facing systems, including libraries, frameworks, and dependencies
  • Human attack surface — employees, credentials, phishing susceptibility, and social engineering targets (typically assessed separately from external scanning)
  • Cloud attack surface — cloud storage, cloud-hosted services, misconfigured cloud resources, and cloud-based infrastructure

What is the difference between internal and external attack surface?

The external attack surface is the portion visible from the public internet — everything an attacker outside your network can see and interact with. This includes public DNS records, HTTPS services, APIs, subdomains, and cloud assets with public endpoints.

The internal attack surface covers systems accessible only from inside the network — internal services, databases, servers on private IP ranges, and VPN-protected infrastructure. This requires either physical network access or a compromised internal foothold to reach.

VeilScan scans the external attack surface only. Internal attack surface assessment requires a manual penetration test or credentialed internal scanner.

Why does attack surface grow over time?

Attack surface grows as organisations add services, deploy new infrastructure, create subdomains, and integrate third-party tools. Development velocity increases attack surface faster than security reviews can track it. Old services are forgotten without being decommissioned. Cloud resources are created by individual teams without central oversight.

Attack surface reduction is the practice of actively minimising the exposed attack surface: decommissioning unused services, removing unnecessary open ports, requiring authentication on exposed interfaces, and monitoring for new exposure continuously.

What are common questions about Attack Surface?

What does Attack Surface mean in cybersecurity?

Attack Surface describes a security concept that affects how teams understand, monitor, and reduce external exposure across internet-facing assets.

Why does Attack Surface matter for external attack surface monitoring?

It matters because attackers continuously inspect public assets. Tracking this concept helps teams reduce exploitable exposure before it becomes a breach path.

How does VeilScan help with Attack Surface?

VeilScan discovers public assets, validates findings with proof, prioritises issues by business impact, and explains remediation in reports built for engineering and leadership.

What related terms should you read next?

See your attack surface. VeilScan's free scan discovers all publicly visible assets for one domain — no credit card required. Start your free scan → · Back to glossary