Attack Surface Glossary
An asset is a tuple of a hostname, a record type, an IP address and, when applicable, a record value. For instance, a CNAME may point to another CNAME and so on, so where it points and the IP address it finally resolves to are constituent parts of the asset. Assets represent Internet-connected or internal-network-connected devices. Assets may include, but are not limited to, web servers, name servers, IoT devices, network printers, etc. Three examples might be:
Asset 1: www.example.com,A,123.123.123
Asset 2: www.foo.com,CNAME,www.bar.com,220.127.116.11
Asset 3: www.foo.com,CNAME,www.bar.com,18.104.22.168
In this way, a single hostname may have multiple assets associated with it, which ensures that all of the application virtual hosting code is properly exercised. Multiple assets per hostname are a frequent feature of round robin DNS, and tracking each one is therefore important for finding applications that are incorrectly configured within a cluster or across geographically diverse locations.
A complete collection of an organization’s assets and associated metadata of each asset.
Asset management refers to the monitoring, configuration, and maintenance of assets.
From the network perspective of an adversary, the complete asset inventory of an organization including all actively listening services (open ports) on each asset.
Autonomous System Number (ASN)
An ASN is a unique number that's available globally to identify an autonomous system and which enables that system to exchange exterior routing information with other neighboring autonomous systems.
Content Delivery Network (CDN)
A CDN refers to a geographically distributed group of servers which work together to provide fast delivery of Internet content.
Discovery refers to the act of identifying assets.
A domain name is a label that identifies a network domain. Domain names are used to identify Internet resources, such as computers, networks, and services, with a text label that is easier to memorize than the numerical addresses used in the Internet protocols.
Example: foo.tld is the domain name of URL http://www.foo.tld/index.html.
Refers to the accessibility of an asset that can be connected to from across the Internet.
A device connected to a network that communicates with other hosts on the network.
A unique name given to any device that is connected to a specific computer network, typically appended to a domain name, and resolves to an IP-address using the Domain Name System (DNS).
Example: ‘bar’ is the hostname of bar.foo.tld.
Refers to the accessibility of an asset that cannot be connected to from across the Internet, and generally resides on an internal network (i.e. Intranet).
A hostname that no longer resolves to an IP-address.
Internet-accessible, internet-connected, internet-facing.
Refers to an asset that can be connected to over the Internet. While the terms above are often used interchangeably, Internet-accessible is considered the preferred term.
A set of data that describes and gives information about an asset. Metadata may include, but is not limited to, geolocation, operating system, open ports, service banners, TLS certificate details, etc.
Reconnaissance / Recon
The act of finding assets.
Routable / Non-Routable
Refers to a type of IP-address to which network traffic can be routed over the Internet. As defined by RFC-1918, there are certain IP-address ranges to which network traffic cannot be routed over the Internet, which are referred to as ‘non-routable’ IP-addresses or ‘private’ IP-space.
Non-Routable IP-Addresses (RFC-1918)
10.0.0.0 – 10.255.255.255 (10/8 prefix)
172.16.0.0 – 172.31.255.255 (172.16/12 prefix)
192.168.0.0 – 192.168.255.255 (192.168/16 prefix)
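The asset tuple and the RFC-1918 ranges defined above can be combined into a small inventory routine. The following is an added example, not part of the original glossary: it parses records in the `hostname,type[,value],ip` form shown for Assets 1 to 3, keeps one asset per distinct IP under each hostname, and flags RFC-1918 addresses. The function names and the sample records are assumptions constructed for illustration, and only IPv4 is handled.

```python
import ipaddress
from collections import defaultdict
from typing import NamedTuple, Optional

# The three RFC 1918 blocks from the glossary entry above.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

class Asset(NamedTuple):
    hostname: str
    record_type: str
    record_value: Optional[str]   # e.g. the CNAME target; None for an A record
    ip: ipaddress.IPv4Address     # the address the name finally resolves to

def parse_asset(line):
    """Parse 'hostname,type[,value],ip'; raises ValueError on malformed input."""
    fields = [f.strip() for f in line.split(",")]
    if len(fields) == 3:
        (host, rtype, ip), value = fields, None
    elif len(fields) == 4:
        host, rtype, value, ip = fields
    else:
        raise ValueError(f"expected 3 or 4 fields, got {len(fields)}")
    return Asset(host.lower(), rtype.upper(),
                 value.lower() if value else None, ipaddress.IPv4Address(ip))

def is_rfc1918(ip):
    """True if ip (string or IPv4Address) is in one of the RFC 1918 ranges."""
    return any(ipaddress.IPv4Address(ip) in net for net in RFC1918)

def inventory(lines):
    """Group assets by hostname; return (by_host, rejected_lines)."""
    by_host, rejected = defaultdict(set), []
    for line in lines:
        try:
            asset = parse_asset(line)
        except ValueError as exc:   # AddressValueError is a ValueError subclass
            rejected.append((line, str(exc)))
            continue
        by_host[asset.hostname].add(asset)  # same name, different IP: new asset
    return dict(by_host), rejected

# Constructed sample records (documentation and private address space).
SAMPLE = ["www.example.com,A,192.0.2.10",
          "www.foo.example,CNAME,www.bar.example,198.51.100.7",
          "www.foo.example,CNAME,www.bar.example,198.51.100.8",
          "printer.corp.example,A,10.20.30.40",
          "bad.example.com,A,192.0.2"]      # malformed on purpose: three octets

if __name__ == "__main__":
    by_host, rejected = inventory(SAMPLE)
    for host, assets in sorted(by_host.items()):
        print(host, [(str(a.ip), is_rfc1918(a.ip)) for a in assets])
    print("rejected:", rejected)
```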
Open / Listening Service
Short for open ports on a server, or a service on the server that responds to network requests.
A scan that analyzes a server to determine which ports are open.
A subdomain is a domain name with a hostname appended, which is sometimes more accurately described as a fully qualified domain name (FQDN).
Top-Level Domain (TLD)
Refers to the last segment of a domain name, the part following immediately after the “dot” symbol. The most common and familiar TLDs are .com, .net, and .org.
Example: ‘tld’ is the Top-Level Domain name of the domain name bar.foo.tld.
There are many other TLD-like suffixes, such as .co.uk and .co.jp, which are technically not TLDs because they are not located at the ‘top level’ of the domain. These types of domains are referred to as effective TLDs (eTLDs) because they serve as a branching point for domain name registrars.
A configuration option for Apps that establishes how often the app should try to get new data.
Refers to a method for hosting multiple hostnames or domain names, with separate handling of each name, on a single server.