# Attack surface
The attack surface of a system is the combination of all possible ways to attack it (i.e., its [[Attack vectors]]). If we consider a multi-tier architecture, then the system may be attacked via the front-end, via an API gateway, via API endpoints, via the infrastructure, via software supply-chain attacks, via side-channels, etc. There are countless ways!
Reducing the attack surface is about trying to reduce the number of potential attack vectors.