CRV2 ReducingAttSurf


 * Reduce the attack surface by serving all pages over HTTPS
 * Does this function/feature have to be available over HTTP?
 * Is the function available to non-authenticated users?
 * Does the function invoke a backend task that could be used to deny service to other legitimate users?
 * E.g. if the function writes to a file, sends an SMS, or triggers a CPU-intensive calculation, could an attacker write a script that calls the function many times per second and prevents legitimate users from accessing that task?
 * Does new code change the attack surface? Does it open new ports or accept new inputs? Could it be done in a way that does not increase the attack surface?
 * Are searches controlled? Search is a risky operation because it typically queries the database for some criteria and returns the results. If an attacker can inject SQL into the query, they could access more data than intended.
 * Is important data stored separately from trivial data (in DB, file storage, etc.)?
 * If file uploads are allowed, should they be authenticated? Is there rate limiting? Max file size? Virus checking?
 * If you have admin users with high privilege, are their actions logged/tracked in such a way that they a) can't erase/modify the log and b) can't deny their actions?
 * Are there any alarms or monitoring to spot if they are accessing sensitive data that they shouldn't be?
 * Will changes be compatible with existing countermeasures, or security code, or will new code/countermeasures need to be developed?
 * Is the change attempting to introduce some non-centralized security code module, instead of re-using or extending an existing security module?
 * Is the change adding unnecessary user levels or entitlements that will complicate the attack surface?
 * Is the change storing unnecessary PII or confidential data?
 * Does application configuration cause the attack surface to vary greatly? Is that configuration simple to use, and does it alert the administrator when the attack surface is being expanded?
 * Could the change be done in a different way that would reduce the attack surface? E.g. instead of making help items searchable and storing help item text in a database table beside the main username/password store, providing static help text on HTML pages reduces the risk through the 'help' interface.
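
For the backend-task item above (a function that writes a file, sends an SMS or burns CPU), a reviewer would look for a per-caller budget in front of the task. The following is an added example, not code from the original guide; `ExpensiveTaskGuard`, `send_sms` and the limits used are hypothetical names and values chosen for illustration.

```python
import time


class ExpensiveTaskGuard:
    """Token bucket per client: `capacity` calls in a burst, refilled at `rate` per second."""

    def __init__(self, capacity=3, rate=0.2, clock=time.monotonic, max_clients=10_000):
        self.capacity = float(capacity)
        self.rate = float(rate)
        self.clock = clock              # injectable so the limiter can be tested without sleeping
        self.max_clients = max_clients
        self.buckets = {}               # client_id -> [tokens, time of last update]

    def _prune(self, now):
        # A bucket idle for capacity/rate seconds is full again, so dropping it loses nothing.
        # This keeps the table bounded so the limiter is not itself a memory-exhaustion target.
        full_after = self.capacity / self.rate
        self.buckets = {c: b for c, b in self.buckets.items() if now - b[1] < full_after}

    def allow(self, client_id):
        now = self.clock()
        if client_id not in self.buckets and len(self.buckets) >= self.max_clients:
            self._prune(now)
        bucket = self.buckets.setdefault(client_id, [self.capacity, now])
        # Refill for the time elapsed since the last call, capped at the burst size.
        tokens = min(self.capacity, bucket[0] + (now - bucket[1]) * self.rate)
        allowed = tokens >= 1.0
        bucket[0] = tokens - 1.0 if allowed else tokens
        bucket[1] = now
        return allowed


def send_sms(guard, client_id, outbox, message):
    """Hypothetical handler: the costly task runs only if the caller is within budget."""
    if not guard.allow(client_id):
        return 429                      # rejected before any backend work is done
    outbox.append((client_id, message))
    return 202


if __name__ == "__main__":
    guard, outbox = ExpensiveTaskGuard(capacity=3, rate=0.5), []
    # Constructed input: one client (documentation address) calling ten times in a row.
    print([send_sms(guard, "203.0.113.7", outbox, "code") for _ in range(10)])
    # A different client keeps its own budget and is unaffected.
    print(send_sms(guard, "alice", outbox, "code"))
```

Keying the budget on an authenticated user ID rather than a source address is usually preferable where the function requires login, since addresses can be shared or rotated.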