Definitions - silverlain/IT-6-Security GitHub Wiki

[August 2016] Attack Vector

A path or method in computing by which malicious code can propagate itself or infect a computer, such as input fields, protocols, interfaces, and services. Examples include user input fields that allow SQL injection, or an unsecured service that exposes sensitive data.

[August 2016] Attack Surface

The sum of the different points (attack vectors) where an unauthorized user can try to enter data into or extract data from an environment. Reducing the number of entry points, by reducing the amount of running code and unnecessary functionality, results in fewer security risks.