Back to Glossary

Glossary Term

Attack Surface Discovery

The process of identifying all internet-facing assets that attackers can see and target.

1 min read

Share this definition

Post it to your feed or send it to teammates.

Short definition: The process of identifying all internet-facing assets that attackers can see and target.
1 min read

What it is

Attack surface discovery maps every exposed asset a business owns-domains, subdomains, IP addresses, cloud resources, open ports, APIs, and forgotten test environments. Tools scan DNS, SSL certificates, ports, and services to uncover both known and unknown assets.

It forms the foundation of External Attack Surface Management (EASM), ensuring businesses understand their exposure exactly the way attackers do.

Why it matters

Most breaches begin with an exposed port, misconfigured cloud bucket, or abandoned subdomain. Businesses often have "shadow assets" created by vendors, old employees, or testing processes.

If you cannot see your attack surface, you cannot defend it.

How to reduce risk

  • Run automated continuous discovery
  • Monitor for newly created domains and subdomains
  • Remove unused or legacy endpoints
  • Identify open ports and outdated services
  • Track cloud resources across providers
  • Integrate discovery into onboarding/offboarding workflows

Related Terms

External Resources

  • OWASP ASVS Asset Identification: https://owasp.org/www-project-application-security-verification-standard/
  • MITRE ATT&CK Initial Access: https://attack.mitre.org/tactics/TA0001/