Type your search query and hit enter:
Software-as-a-Service Penetration Testing
THREATS, TACTICS AND PROCEDURES TTP
MITRE’S ATT&CK®
SaaS Pen Test
Initial Access to SaaS by Adversaries
1. Drive-by Compromise.
2. Phishing
3. Trusted Relationship.
4. Valid Accounts.
Persistence of Adversaries in the SaaS
1. Valid Accounts.
Privilege Escalation in the SaaS by Adversaries
1. Valid Accounts.
Defence Evasion of Adversaries in the SaaS
1. Use Alternate Authentication Material.
2. Valid Accounts.
Credential Access of the SaaS by Adversaries
1. Brute Force Attacks.
2. Steal Application Access Tokens.
3. Steal Web Session Cookies.
4. InSecure Credentials.
Discovery of SaaS’s Infrastructure by Adversaries
1. Account Discovery.
2. Cloud Service Discovery.
3. Permission Groups Discovery.
4. Software Discovery.
Lateral Movement by Adversaries on SaaS
1. Internal Spear-Phishing.
2. Use Alternate Authentication Material.
Collection of Data in the SaaS by Adversaries
1. Data from Information Repositories.
Impact of Software-as-a-Service (SaaS) Hacks
1. Endpoint Denial of Service.
2. Network Denial of Service.