Monthly Archives: July 2022

Secure SDLC – Part 5: Attack Surface Analysis & Reduction

Blog 9

This is another key step in the Secure SDLC. It reduces risk by giving an attacker fewer opportunities to exploit a weakness or vulnerability in the product. It applies the principle of least privilege: understand the attack surface of the application, then shrink it. It also relies on layered defenses (defense in depth), so that an entry point that cannot be removed is at least protected by additional controls.

What is the attack surface? It is the combination of code, interfaces, services, and protocols available to all users – authenticated and unauthenticated, remote and local. In short, it is every entry point into the application.

Attack Surface Analysis identifies those entry points and challenges each one: is it required at all, can it be removed or disabled, and if not, can additional protections be put in front of it?

Attack Surface Reduction then removes, disables or restricts those entry points, so that less code is reachable by untrusted users and what remains runs with less privilege.

The Threat Model is key to understanding the Attack Surface of an application, because that is where all entry points and trust levels were documented.

Once we have this understanding, we again ask questions. The questions are essentially the same every time, so this step is easy to standardize. Some of them are:

  • Is this feature or service really required? If No, remove it; if Yes, then:
    • Is this feature or service remotely accessible? If No, skip to the authentication question; if Yes, then:
      • Does it really need to be remotely accessible? If No, restrict it to local access; in either case, then:
        • Is the feature accessible to unauthenticated users? If No, skip to the privilege question; if Yes, then:
          • Does it need to be accessible to unauthenticated users? If No, disable unauthenticated access; in either case, then:
            • Is the feature executing with the least privilege it needs? If No, apply the lowest set of privileges that still lets it work.

The easiest way is to draw this as a flow diagram. Teams will go through it a few times and pick up this way of thinking quickly.
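The same flow, written as a script that walks the question list over an inventory of entry points taken from the threat model. This is an added example and not code from the original post; the `EntryPoint` fields, the privilege ranking, the constructed inventory and the exposure weight (a rough count used only to show the before/after reduction, not a standard metric) are all assumptions made for the illustration.

```python
from dataclasses import dataclass, replace
from typing import Dict, List, Optional

# Privilege levels ordered from lowest to highest (names are an assumption).
PRIV_RANK = {"user": 0, "service": 1, "admin": 2, "root": 3}


@dataclass(frozen=True)
class EntryPoint:
    """One entry point as recorded in the threat model (hypothetical fields)."""
    name: str
    required: bool         # Is this feature or service really required?
    remote: bool           # Is it remotely accessible today?
    needs_remote: bool     # Does it really need to be remotely accessible?
    unauthenticated: bool  # Is it accessible to unauthenticated users today?
    needs_unauth: bool     # Does it need to be accessible to unauthenticated users?
    privilege: str         # Privilege the handler currently executes with
    least_privilege: str   # Lowest privilege it actually needs


def assess(ep: EntryPoint) -> List[str]:
    """Walk the question list for one entry point and return the actions it yields."""
    if not ep.required:
        return ["remove"]  # first question: not required -> remove, stop asking
    actions: List[str] = []
    if ep.remote and not ep.needs_remote:
        actions.append("restrict to local access")
    if ep.unauthenticated and not ep.needs_unauth:
        actions.append("require authentication")
    if PRIV_RANK[ep.privilege] > PRIV_RANK[ep.least_privilege]:
        actions.append(f"drop privilege from {ep.privilege} to {ep.least_privilege}")
    return actions or ["keep as-is"]


def harden(ep: EntryPoint) -> Optional[EntryPoint]:
    """Return the entry point as it looks once its actions are applied (None if removed)."""
    if not ep.required:
        return None
    return replace(
        ep,
        remote=ep.remote and ep.needs_remote,
        unauthenticated=ep.unauthenticated and ep.needs_unauth,
        privilege=ep.least_privilege,
    )


def exposure(ep: EntryPoint) -> int:
    """Illustrative weight (an assumption, not a standard metric):
    reach x authentication requirement x privilege held."""
    reach = 3 if ep.remote else 1
    auth = 2 if ep.unauthenticated else 1
    return reach * auth * (PRIV_RANK[ep.privilege] + 1)


def analyse(inventory: List[EntryPoint]) -> Dict:
    """Run the flow over a whole inventory and report the reduction achieved."""
    hardened = [h for h in (harden(ep) for ep in inventory) if h is not None]
    return {
        "actions": {ep.name: assess(ep) for ep in inventory},
        "before": sum(exposure(ep) for ep in inventory),
        "after": sum(exposure(ep) for ep in hardened),
        "remaining": [ep.name for ep in hardened],
    }


# Constructed inventory standing in for the entry points a threat model would list.
INVENTORY = [
    EntryPoint("login API", True, True, True, True, True, "service", "service"),
    EntryPoint("legacy SOAP endpoint", False, True, True, False, False, "service", "service"),
    EntryPoint("debug console", True, True, False, True, False, "root", "user"),
    EntryPoint("admin report export", True, True, True, False, False, "admin", "user"),
]

if __name__ == "__main__":
    report = analyse(INVENTORY)
    for name, actions in report["actions"].items():
        print(f"{name:22s} -> {', '.join(actions)}")
    print(f"exposure before: {report['before']}, after: {report['after']}")
```

Running it over the constructed inventory removes the unneeded legacy endpoint, turns the debug console into a local, authenticated, unprivileged feature, and drops the report export from admin to user; the weight falls from 51 to 16. The point is not the number but the habit: every row in the threat model gets the same questions, and the answers become tickets.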