Software-as-a-Service Penetration Testing

THREATS, TACTICS AND PROCEDURES (TTP)
MITRE’S ATT&CK®
SaaS Pen Test
Initial Access to SaaS by Adversaries
1. Drive-by Compromise.
2. Phishing.
3. Trusted Relationship.
4. Valid Accounts.
Persistence of Adversaries in the SaaS
1. Valid Accounts.
Privilege Escalation in the SaaS by Adversaries
1. Valid Accounts.
Defence Evasion of Adversaries in the SaaS
1. Use Alternate Authentication Material. 
2. Valid Accounts.
Credential Access of the SaaS by Adversaries
1. Brute Force Attacks.
2. Steal Application Access Tokens. 
3. Steal Web Session Cookies. 
4. Insecure Credentials.
Discovery of SaaS’s Infrastructure by Adversaries
1. Account Discovery. 
2. Cloud Service Discovery. 
3. Permission Groups Discovery. 
4. Software Discovery. 
Lateral Movement by Adversaries on SaaS
1. Internal Spear-Phishing.
2. Use Alternate Authentication Material.
Collection of Data in the SaaS by Adversaries
1. Data from Information Repositories. 
Impact of Software-as-a-Service (SaaS) Hacks
1. Endpoint Denial of Service. 
2. Network Denial of Service.  
