The network is an essential component of any operating system's attack surface. After all, most hacking attempts and data theft are carried out over the network. In networking, ports are as useful an entity as IP addresses. In the old days, few services and programs communicated over the network (or the internet); the scene today is entirely different. Almost every piece of software has a built-in updater, we open tens of pages at once, keep a few chat programs open, and then there are torrents, which create hundreds of connections per minute. In all this chaos, a person would go mad if they had to keep track of the IP addresses and ports the computer is communicating with.
Attack Surface Analyzer allows you to find out whether the software you are testing (either for development or deployment) creates connections to other computers on the network. Depending on what you are expecting, the consequences will vary; nonetheless, Attack Surface Analyzer shows which ports are open and which program has them open. Later on, you can verify whether the product under test is behaving as it should.
A malicious program would try to create extra connections from your computer to another machine on the internet or on the intranet and transfer data. Such a program may be a worm, or may have been accidentally or intentionally shipped with the product. When it acts, the program is most likely going to create a new connection to an external machine, which requires a new port to be opened. When this happens, Attack Surface Analyzer can detect it. Note, however, that Attack Surface Analyzer cannot do so automatically: it must be running a scan when that happens. More precisely, Attack Surface Analyzer must be enumerating ports on the machine.
The Enumerating Ports action in Attack Surface Analyzer is simply the process of discovering the ports that are open on the system. While performing this job, Attack Surface Analyzer also lists the processes, or more specifically the PIDs of the processes, that have opened each port. This is beneficial when you do not have a separate tool for doing the same. It also makes sure that the state of the ports is saved in .XML files. Most tools that feature port monitoring do it in a 'live' manner, which means that the enumeration is a manual process. This is not only tedious but also error-prone. Attack Surface Analyzer gets the job done in a simple manner.
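
The comparison this saved state makes possible, shown as an added example that is not part of Attack Surface Analyzer or of the original article: it diffs two port snapshots and reports newly opened ports with their owning PIDs. It assumes the snapshots are text in the `netstat -ano` layout rather than the tool's own .XML format; both snapshots are constructed sample data, and the example is narrowed to listening TCP and bound UDP sockets.

```python
from typing import NamedTuple

class Endpoint(NamedTuple):
    proto: str
    local: str
    pid: int

# Constructed sample snapshots in `netstat -ano` layout (not real scan output).
BASELINE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       904
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  UDP    0.0.0.0:5353           *:*                                    1820
"""

AFTER_INSTALL = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       904
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:8081           0.0.0.0:0              LISTENING       5312
  TCP    10.0.0.5:49720         203.0.113.10:443       ESTABLISHED     5312
  UDP    0.0.0.0:5353           *:*                                    1820
  UDP    0.0.0.0:50001          *:*                                    5312
"""

def parse_snapshot(text):
    """Return the set of open endpoints (listening TCP, bound UDP) in a snapshot."""
    endpoints = set()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue  # header, blank or malformed line
        # TCP rows carry a State column; UDP rows do not, so PID is always last.
        if fields[0] == "TCP" and fields[3] != "LISTENING":
            continue  # established/closing connections are out of scope here
        endpoints.add(Endpoint(fields[0], fields[1], int(fields[-1])))
    return endpoints

def new_ports(before, after):
    """Endpoints open in `after` whose (proto, local address) was not open in `before`."""
    known = {(e.proto, e.local) for e in parse_snapshot(before)}
    fresh = [e for e in parse_snapshot(after) if (e.proto, e.local) not in known]
    return sorted(fresh, key=lambda e: (e.pid, e.proto, e.local))

if __name__ == "__main__":
    for e in new_ports(BASELINE, AFTER_INSTALL):
        print(f"{e.proto:4} {e.local:20} pid={e.pid}")
```

Matching on protocol and local address rather than PID keeps a service that merely restarted with a new PID from being reported as a new port.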