Mapping the MITRE ATT&CK Framework to API Security>
Security Boulevard – Nick Rago
With hundreds of contributors, the MITRE ATT&CK Framework has become a vital resource of open source knowledge for the security industry. CISOs and cybersecurity professionals around the globe rely on the framework to increase their understanding about different cyber-attack tactics, techniques and procedures (TTPs). With insights about TTPs relevant to their specific platform or environment, organizations gain tremendous value to combat cyber threats.

The Salt Security State of API Security Report found that the average number of APIs grew 82% from July 2021 to July 2022. During the same time period, API attack traffic surged 117%, from an average of 12.22 million malicious calls per month to an average of 26.46 million calls.

In our new White Paper, we have taken a close look at the MITRE ATT&CK Enterprise Matrix â essentially a superset of all the matrices. Many of the tactics in this matrix are also being applied in API attack campaigns. By analyzing where the tactics are being duplicated in API attacks, security leaders can better understand the attacker mindset and improve their API threat insights.

In our analysis, we have taken a deep dive into the following three common API security threats: Broken object level authorization (BOLA) Stolen credentials Leaky public APIs
Link: https://securityboulevard.com/2023/02/mapping-the-mitre-attck-framework-to-api-security/