Attack Surface Management

About this shelf

External Attack Surface Management (EASM) is the practice of continuously discovering, inventorying, and monitoring everything an organisation exposes to the public internet. The discipline emerged because traditional asset inventories — CMDBs, spreadsheets, agent-based tooling — consistently miss the things that matter most: forgotten subdomains, expired-but-still-resolving DNS records, third-party-hosted infrastructure, and shadow IT spun up outside central IT's view. Attackers do not respect organisational boundaries; they enumerate what is reachable, and that is the real attack surface.

Articles in this shelf cover the recurring exposure categories: open ports and unauthenticated services, certificate hygiene and SSL/TLS misconfigurations, dangling subdomains and DNS takeover risks, outdated and end-of-life web technologies, blacklisted IP space, email authentication gaps (SPF, DKIM, DMARC), API security weaknesses, DDoS exposure, and the passive vulnerability detection patterns that find issues without intrusive scanning. Each book explains what the exposure looks like in the wild, how attackers find it, and what a workable remediation path looks like.

If you are building or running an EASM programme, the order to read is: start with IP and asset discovery, move into the specific exposure categories that match your stack, then read the articles on continuous monitoring and prioritisation. Attack surface work is not a one-off project — it is an ongoing operational practice, and the value compounds when the data feeds into vulnerability management, threat intelligence, and incident response.