logo

CWE-1125 - Excessive Attack Surface

CWE-1125

  • Abstraction:
  • Base
  • Structure:
  • Simple
  • Status:
  • Incomplete
Weakness Name

Excessive Attack Surface

Description

The product has an attack surface whose quantitative measurement exceeds a desirable maximum.

Originating from software security, an "attack surface" measure typically reflects the number of input points and output points that can be utilized by an untrusted party, i.e. a potential attacker. A larger attack surface provides more places to attack, and more opportunities for developers to introduce weaknesses. In some cases, this measure may reflect other aspects of quality besides security; e.g., a product with many inputs and outputs may require a large number of tests in order to improve code coverage.

Related Weaknesses
  • Release Date:
  • 2019-01-03
  • Latest Modification Date:
  • 2024-02-29

Free security scan for your website