Attack Surface Description Language
Documenting and describing attack surfaces is a common tactic in parts of the industry for various reasons. Some for open design, and others for penetration testing. Either way, there is no standardized methods for documenting attack surfaces. This paper presents an Attack Surface Description Language (ASDL), a way to describe and present a device’s attack surfaces. These surfaces can be documented as known or unknown in a way that allows Blackbox testers to use ASDL as well. Complex structures can also be represented with dependencies on lower-level structures. Ease of use and flexibility was also taken into account in the design of ASDL to make it more efficient and less tedious to use.