TTPwire Vol. 1 · MITRE ATT&CK·Tagged

← All stories

F5 Labs

Securing APIs: 10 Best Practices for Keeping Your Data and Infrastructure Safe

2020-08-06 · Read original ↗

ATT&CK techniques detected

4 predictions
T1190Exploit Public-Facing Application
69%
“8 verizon, 9and others — have suffered significant data breaches as a result of api attacks. it ’ s imperative for all companies, not just large ones, to secure all apis, particularly those that are publicly available. common attacks against web apis apis are susceptible to many …”
T1190Exploit Public-Facing Application
58%
“breaches for enterprise web applications. ” 1 figure 1 : web apis connect to an endpoint : the location of the web server and supporting databases in worst case, it ’ s not just your data that is potentially at risk but also your infrastructure. by exploiting a vulnerable api, at…”
T1557.001Name Resolution Poisoning and SMB Relay
41%
“, typically by flooding it with more traffic than it can handle. api endpoints are among the growing list of ddos targets. - man - in - the - middle ( mitm ) attacks occur when an attacker intercepts traffic between two communicating systems and impersonates each to the other, ac…”
T1557Adversary-in-the-Middle
35%
“, typically by flooding it with more traffic than it can handle. api endpoints are among the growing list of ddos targets. - man - in - the - middle ( mitm ) attacks occur when an attacker intercepts traffic between two communicating systems and impersonates each to the other, ac…”

Summary

As organizations make more of their APIs publicly available, it’s important they understand the potential risks of data exposure and establish best practices for securing all APIs.