Wednesday, June 26, 2019
New and popular frameworks such as MITRE ATT&CK have aided organizations in extending their previous kill-chain models to be more focused on the actual tactics, techniques, and procedures (TTPs) that attackers are using in the real world. And while MITRE ATT&CK was originally designed for Windows-based enterprise networks, the same concepts can apply to application security.
In order to properly defend against adversaries, an organization must be aware of the specific TTPs used at each phase of an attack.
In this webcast, we will take a lifecycle approach to understanding web app attacks, share examples of the tools and techniques used in each phase, and the defenses security teams can employ to protect their applications.
This will include an analysis of:
- Attacker preparations and anonymity
- Enumeration and Scanning
- Gaining credentialed access to applications and accounts
- Exploitation and detection evasion
- Abuse of APIs
- Pivoting to do damage after an exploit