[OWASP-METRICS] Attack surface

Jeff Williams jeff.williams at aspectsecurity.com
Thu Sep 16 16:29:08 EDT 2004

Hi everyone. I keep reading articles that use the concept of "attack
surface" to describe how attackable an application actually is.  But I've
never seen the concept explored very deeply. For a web application, it seems
to me that the attack surface is strictly limited to the range of allowed
HTTP requests. Anyone interested in helping model this?  Seems to me that it
shouldn't be too hard, would be really useful, and is likely to be


Jeff Williams, CEO
Aspect Security, Inc.
work: 410-707-1487
main: 301-604-4882

More information about the Owasp-metrics mailing list