# Attack Surface

### What is an Attack surface?

An attack surface is the sum of all the points where an attacker, hacker or unauthorized user can attempt to exploit a system or get data out of it. A system here can be anything: hardware, software, network interfaces and even human weaknesses (exploiting these is called social engineering).

Let's take an example:

<figure><img src="/files/cpXumvd0JawU1QZBmSTV" alt=""><figcaption><p>a house</p></figcaption></figure>

Think of this house: it has a door, multiple windows, a garage, and there could be a back door on the other side. Now think of a thief who comes here to steal jewelry or cash. He has multiple ways to get into the house. Why? Because the house has many features. They may look cool and interesting, but the more things we add to the house, the more options the thief has to get in.

So the more features a system introduces, the larger its attack surface becomes.

A larger attack surface means more potential vulnerabilities, making it easier for an attacker or hacker to find an entry point.

### Why is Attack surface important?

The more doors and windows this house has, the easier it is for a thief to find a weak spot to enter.\
The same goes for systems: the larger the attack surface, the higher the risk of a security breach and the more chances a hacker has to exploit it.

### Where does an Attack surface exist?

An attack surface exists anywhere technology is connected to a network, such as:

* Personal computers or phones.
* Websites or apps.
* Company servers or databases.
* Smart devices like security cameras and smart TVs.

### When does the Attack surface become a problem?

An attack surface becomes a problem when it has weak spots that a hacker can exploit.\
For example:

* If you use an old password that has been leaked online somewhere, that's a weak point.
* If you use the same password on every platform, it becomes a big problem; that's an even worse point.
* If your company website runs outdated software, hackers might exploit it.
* If employees click on suspicious emails, they might accidentally let hackers into the system.

### How can you reduce the Attack surface?

You protect your house by locking the doors and windows properly and adding security cameras.

The same goes for digital systems:

* Keep your software up to date to fix security holes.
* Use strong passwords, not 123456789 or password or anything simple. (If you are going to ask me, combine multiple things, like any 4 letters of your family name with your DOB or your company boss's number; there are infinite possibilities.)
* Limit access - only give access to people who have your trust and really need it.
* Be careful with emails and links - make sure to report any suspicious link or mail you get.
* Use security tools like firewalls and antivirus software, which help protect your system.

#### Let's take another example:

Imagine you own a store. You have:

* A front door (website login page).
* A backdoor (admin access panel).
* A cashier who handles money (customer payment system).

If you leave the backdoor unlocked or the cashier isn't trained to check for fake money, a thief can easily steal from you. That's a big attack surface.

To reduce the attack surface, you will have to:

1. Lock the backdoor (secure the admin panel).
2. Train the cashier to spot scams (educate employees on suspicious emails or links).
3. Install security cameras (use firewalls and monitoring tools).

> The smaller the attack surface, the safer your system is, just like securing your home or store. Cybersecurity is about closing the unnecessary doors (ports, endpoints, etc.) and keeping the important ones locked.

### There are 3 main types of attack surface:

### 1. Network attack surface

Think of the doors and windows of your house: any entry point that leads inside. If you leave a door unlocked or a window open, a thief can sneak in.

Let's dive into the network side a little:

This covers everything in a system that is reachable over the network, such as open ports, services or exposed protocols, which an attacker can target.

Examples:

* Using weak credentials (an open door for hackers).
* Leaving important services (like security cameras) accessible to people you don't know.
* For systems, there could be exposed APIs.
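To make "open ports and services" concrete, here is an added example (not part of the original notes) that takes the output of `ss -tln` on a Linux host and groups listening TCP ports by how widely they are reachable. The sample output is constructed, and the function names are this example's own.

```python
import ipaddress

# Constructed sample of `ss -tln` output (not captured from a real host).
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
LISTEN 0      4096       127.0.0.1:5432       0.0.0.0:*
LISTEN 0      511                *:3000             *:*
LISTEN 0      4096   127.0.0.53%lo:53         0.0.0.0:*
LISTEN 0      128             [::]:22            [::]:*
LISTEN 0      4096           [::1]:631           [::]:*
LISTEN 0      128     192.168.1.20:8080       0.0.0.0:*
"""

def classify(addr):
    """Return how widely a listening address is reachable."""
    host = addr.strip("[]").split("%")[0]   # drop IPv6 brackets and %iface
    if host == "*":
        return "all-interfaces"
    ip = ipaddress.ip_address(host)
    if ip.is_loopback:
        return "loopback-only"
    if ip.is_unspecified:                   # 0.0.0.0 or ::
        return "all-interfaces"
    return "single-interface"

def listening_surface(ss_output):
    """Map each exposure class to the sorted list of listening TCP ports."""
    surface = {}
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue                        # header or non-listening socket
        addr, port = fields[3].rsplit(":", 1)
        surface.setdefault(classify(addr), set()).add(int(port))
    return {scope: sorted(ports) for scope, ports in surface.items()}

if __name__ == "__main__":
    for scope, ports in listening_surface(SAMPLE_SS).items():
        print(f"{scope:17} {ports}")
```

Ports in the `all-interfaces` group are the doors facing the street; each one should either be needed or be closed or rebound to loopback.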

### 2. Software Attack surface.

Weak spots in the house's walls, like cracks that burglars can exploit to break in when you're not around.

This includes vulnerabilities in applications, operating systems and installed software.

Example:

* Clicking on suspicious links that install viruses or give another person authority to pretend to be you.
* Using outdated software that has security holes, which is like having a broken lock or a broken connection to your security cameras.
* Downloading apps from untrusted sources that secretly steal your information.

### 3. Human Attack surface.

These attacks exploit human psychology rather than technical vulnerabilities.

Instead of breaking in, the thief may trick you into letting them in.

Example:

* Fake emails that look real, asking for your password.
* Phone calls pretending to be your bank, asking for your details.
* A stranger offering you a free USB drive. You may be clever enough not to take it from a stranger, but they might drop USB drives around you so that you pick one up and use it, and it contains a virus (a fake gift with hidden danger, like a teddy bear which looks good but might have a camera or mic inside to record you).

### Other Attack surfaces:

1. Physical attacks - stealing your phone or laptop to access your data.
2. Supply chain attacks - buying a product which is already infected, like the teddy bear with a hidden camera I told you about.
3. Cloud attacks - storing personal data in the cloud without proper security, like posting something that contains your personal data (it could be your ATM card or anything else) on a public profile.

## Attack Surface Analysis

Attack surface analysis is all about identifying and reducing potential ways an attacker could get into a system.

OWASP ZAP (Zapproxy)

OWASP ZAP is a widely used open-source DAST tool developed by OWASP. It is designed to help security professionals and developers identify vulnerabilities in web apps through automated and manual security testing.

> To install and learn about OWASP ZAP on your operating system, follow the docs provided by OWASP - <https://www.zaproxy.org/docs/>

OWASP Juice Shop:

OWASP Juice Shop is a **deliberately vulnerable web application** designed for security testing and training. It is widely used by ethical hackers, security professionals, and developers to learn about **web vulnerabilities** in a **safe, controlled environment**.

Juice Shop is commonly deployed on **Kali Linux, Docker, or XAMPP/LAMP servers**. It is widely used in **penetration testing training and ethical hacking labs**.

> To install OWASP Juice Shop and run it locally, follow: <https://github.com/juice-shop/juice-shop>

### Let's begin the analysis:

Deploy Juice Shop on Kali (or Docker, or whatever you're comfortable with).

<figure><img src="/files/xg7a2IuCigqMD2Wz1U00" alt=""><figcaption><p>Home Page</p></figcaption></figure>

Copy the URL.

Let's open ZAP now:

<figure><img src="/files/1LiFFjdTYn4nSt45rHen" alt=""><figcaption><p>Home Screen</p></figcaption></figure>

For automated scanning, click on Automated Scan.

I would recommend using the Spider to crawl the entire site; if this does not work properly, use Forced Browse, so ZAP can have the entire map of Juice Shop.

<figure><img src="/files/lPAXmiNOI9fPHvbDtG7K" alt=""><figcaption><p>Spider tab</p></figcaption></figure>

Paste the URL in the "URL to attack" field.

Before you start attacking, I again recommend using the Spider, the AJAX Spider or Forced Browse to get the map of the entire site.

Yes, it will take some time to map the entire site, so grab a cup of coffee and wait.

<figure><img src="/files/JPYGy39V8IBnPxFJnRDd" alt=""><figcaption><p>Using AJAX</p></figcaption></figure>

As you can see, the AJAX Spider is creating the map. After it completes its scan, you can already see alerts showing vulnerabilities in Juice Shop.\
But let's start the real attack now.\
When you click on the Attack button, it will scan again with the AJAX Spider; do not worry, after that scan it will switch to the Active Scan.

<figure><img src="/files/1dbviEeqeMV3XcfTZMMN" alt=""><figcaption><p>Active Scanning</p></figcaption></figure>

Now switch to the Alert tab.

<figure><img src="/files/V1tgAB4ZMPjJZ0byUfzx" alt=""><figcaption><p>Alert Tab</p></figcaption></figure>

As you can see, OWASP ZAP has found multiple vulnerabilities.

You can click on the vulnerability to get the details.

<figure><img src="/files/4drdRiZjXvkTxpsB16ax" alt=""><figcaption></figcaption></figure>

Not only does it show the details, it also shows a solution to minimize the vulnerability.

When you check Juice Shop, you will see some of the challenges you have cleared.
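To turn the Alert tab into an attack surface view, this added example (not part of the original walkthrough) groups alerts by endpoint and ranks endpoints by their worst finding. It assumes the alerts were exported with ZAP's Traditional JSON report and relies on its `site`, `alerts`, `riskcode` and `instances` fields; the sample report, host and function name are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

RISK = ["Informational", "Low", "Medium", "High"]  # index = ZAP riskcode 0-3

# Constructed sample shaped like a ZAP Traditional JSON report; the host,
# paths and findings are made up for illustration, not real scan results.
SAMPLE_REPORT = json.dumps({"site": [{"@name": "http://lab.example", "alerts": [
    {"alert": "Content Security Policy (CSP) Header Not Set", "riskcode": "2",
     "instances": [{"uri": "http://lab.example/", "method": "GET"},
                   {"uri": "http://lab.example/search?q=a", "method": "GET"}]},
    {"alert": "SQL Injection", "riskcode": "3",
     "instances": [{"uri": "http://lab.example/search?q=a", "method": "GET"}]},
    {"alert": "Cross-Domain JavaScript Source File Inclusion", "riskcode": "1",
     "instances": [{"uri": "http://lab.example/", "method": "GET"}]},
    {"alert": "X-Content-Type-Options Header Missing", "riskcode": "1",
     "instances": [{"uri": "http://lab.example/assets/app.js", "method": "GET"}]},
]}]})

def findings_by_endpoint(report_text):
    """Return [(method, path, worst_risk, [alert names])], worst risk first."""
    endpoints = {}
    for site in json.loads(report_text).get("site", []):
        for alert in site.get("alerts", []):
            code = int(alert.get("riskcode", 0))
            for inst in alert.get("instances", []):
                # Drop the query string so one endpoint is counted once.
                path = urlsplit(inst["uri"]).path or "/"
                key = (inst.get("method", "GET"), path)
                entry = endpoints.setdefault(key, {"risk": 0, "alerts": set()})
                entry["risk"] = max(entry["risk"], code)
                entry["alerts"].add(alert["alert"])
    rows = [(method, path, e["risk"], sorted(e["alerts"]))
            for (method, path), e in endpoints.items()]
    rows.sort(key=lambda r: (-r[2], r[1], r[0]))
    return [(m, p, RISK[risk], names) for m, p, risk, names in rows]

if __name__ == "__main__":
    for method, path, risk, names in findings_by_endpoint(SAMPLE_REPORT):
        print(f"{risk:8} {method} {path}: {', '.join(names)}")
```

The ranked list shows which doors of the application need fixing first, and each entry maps back to the solution text ZAP gives for that alert.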

> OWASP ZAP is a **fantastic learning tool** when used **ethically and responsibly**. Always run scans on **controlled environments** like Juice Shop or DVWA. If used improperly, it can **cause harm** instead of helping.
>
> 🔐 **Remember:** Security is a responsibility. Never test on systems you don’t own or have permission for!


