Which of the following increases when additional functionality is added to an application?
- attack surface
The attack surface consists of functionalities that a malicious individual might compromise. As you add functionality, you also increase the attack surface. Determining the attack surface will help you identify the different components that can be attacked, and reviewing the architecture one or more new ports to be opened on the firewall, which increases the attack surface of the organization.
A vulnerability is a susceptibility to a threat that exists in a system.
A threat is an external danger. A system may or may not be vulnerable to a specific threat. A threat is a potential danger that could take advantage of a system if it is vulnerable. For example, there might be threat to SQL servers but if you use Oracle, it is not a vulnerability, only a threat. Because threats are external, they are not affected by increasing functionality.
Risk may be increased IF a vulnerability is created but not unless, therefore it is not the best answer. Risk is the likelihood that an external threat leverages an internal vulnerability. We reduce the risk of a breach when we apply controls that mitigate the likelihood or the impact of the threat.
Objective: Attack Methods
Sub-Objective: Compare and contrast an attack surface and vulnerability