attack-surface
Safeguard articles tagged "attack-surface" — guides, analysis, and best practices for software supply chain and application security.
11 articles
How to Discover Shadow and Undocumented APIs Before Attackers Do
A single undocumented API endpoint exposed 10 million Optus records in 2022. Here's how to find shadow APIs in production and assess their real exposure.
Multi-Stage Docker Builds: A Security Pattern, Not Just a Size Trick
Multi-stage builds are pitched as a way to shrink images. Their bigger payoff is security: build secrets, compilers, and toolchains that never reach production. Here is how to use them right.
Using jlink to Build Minimal, Lower-Attack-Surface Java Docker Images
jlink has shipped with every JDK since Java 9 in 2017, yet most Spring Boot images still ship a full 300MB+ JDK. Here's how to fix that.
Distroless vs Alpine: Which Base Image Is More Secure?
Alpine is tiny and familiar; distroless is tinier and shell-free. The right choice depends on what you value more — debuggability or a minimal attack surface. Here is the honest tradeoff.
Attack Surface Reduction: A Practical Guide
Attack surface reduction is the discipline of removing every input, interface, and privilege an attacker could reach that your system does not actually need. Here's how to inventory, shrink, and keep it small.
What is an Attack Surface
An attack surface is every exposed point attackers can use to get in — code, configs, credentials, and dependencies. Here's how to define, measure, and shrink it.
What Is Security Hardening?
Security hardening reduces a system's attack surface by removing what it does not need and configuring the rest safely. Learn the principles, benchmarks, and how to apply it.
Securing AI Agents: MCP Protocol Risks and Mitigations
The Model Context Protocol is transforming how AI agents interact with tools, but it introduces new attack surfaces. Here is what security teams need to understand.
Distroless Container Images: Stripping the Attack Surface to Nothing
Distroless images remove the shell, package manager, and everything else an attacker needs post-exploitation. Here is how to use them, what breaks, and whether the security tradeoff is worth it.
Threat Modeling the Software Supply Chain
Traditional threat modeling focuses on your code. Supply chain threat modeling extends to every tool, dependency, and process that touches your software. Here is how to do it systematically.
PWA Service Worker Attack Surface: What Security Teams Overlook
Service workers give Progressive Web Apps powerful offline and caching capabilities, but they also create a persistent attack surface that outlives the browser tab. Understanding this surface is critical.