Which strategy reduces the threat surface on a new web application?

Using hardening measures to remove unnecessary services is an effective strategy for reducing the threat surface of a new web application. The threat surface refers to the various points where an unauthorized user could attempt to enter data or extract data from an environment. By eliminating unnecessary services, you minimize the number of potential vulnerabilities that could be exploited by attackers.

Hardening a web application involves configuring it to improve security, which often includes removing features or services that are not needed for the application to function. Each unnecessary service could present an opportunity for exploitation, especially if it contains vulnerabilities. Therefore, by only enabling the essential components and services that the web application requires, you can significantly decrease the available attack vectors, making it much harder for potential threats to breach the application.

While end-to-end encryption, disabling external devices, and regular virus scanning are all important aspects of a comprehensive security strategy, they do not directly address the reduction of the threat surface in the same way that hardening does. They serve different roles in securing a web application, but they do not inherently lessen the number of potential entry points as effectively as removing unnecessary services.