Subscribe to the Salt blog to learn about the latest developments in API Security

Blog Post

Mapping the MITRE ATT&CK Framework to API Security

Nick Rago
Feb 9, 2023

With hundreds of contributors, the MITRE ATT&CK Framework has become a vital resource of open source knowledge for the security industry. CISOs and cybersecurity professionals around the globe rely on the framework to increase their understanding about different cyber-attack tactics, techniques and procedures (TTPs). With insights about TTPs relevant to their specific platform or environment, organizations gain tremendous value to combat cyber threats.

The downside is that while the framework has many matrices, at this time, it has no specific API security matrix. Yet we all know that API security threats have skyrocketed, just as their usage has surged with enterprise digitalization initiatives. In fact, APIs now represent the largest attack vector for modern applications.

Defend yourself from API attacks by leveraging this security framework

The Salt Security State of API Security Report found that the average number of APIs grew 82% from July 2021 to July 2022. During the same time period, API attack traffic surged 117%, from an average of 12.22 million malicious calls per month to an average of 26.46 million calls.

On the positive side, despite the lack of an API security matrix, security leaders can still leverage the MITRE ATT&CK Framework to identify and defend themselves against these growing threats. Bad actors still frequently use many of the MITRE-outlined TTPs throughout the different phases of their API attack campaigns.

While not a “cure-all” approach, (as every API attack will always represent a zero-day attack), understanding the crossover of some of these attack methodologies can benefit security leaders. By recognizing the relationship between many of the TTPs identified in the MITRE framework and behaviors of attackers during their API attack campaigns, , organizations have an opportunity to:

  • Improve threat detection
  • Implement more effective incident response
  • Allocate security resources more effectively
  • Identify security gaps
  • Increase understanding of the scope of an attack and its potential impact

In our new White Paper, we have taken a close look at the MITRE ATT&CK Enterprise Matrix – essentially a superset of all the matrices. Many of the tactics in this matrix are also being applied in API attack campaigns. By analyzing where the tactics are being duplicated in API attacks, security leaders can better understand the attacker mindset and improve their API threat insights.

In our analysis, we have taken a deep dive into the following three common API security threats:

  • Broken object level authorization (BOLA)
  • Stolen credentials
  • Leaky public APIs

For each of these threats, we’ve mapped a typical attack lifecycle to the TTPs found in the Enterprise Matrix. We’ve outlined the steps that bad actors can take in each scenario from reconnaissance and phishing to evasion and data exfiltration or abuse. We’ve also shared the differences between the MITRE ATT&CK Framework and the OWASP API Security Top 10 – and why both are important educational tools in your API security arsenal.

In the future, we hope that API security threats will be added into its own matrix within the MITRE ATT&CK Framework. In the meantime, our report can help you understand how to defend against these attacks and develop more effective incident response plans by leveraging this well-known security framework. We invite you to download this complimentary resource.

If you’re interested in seeing the Salt Security API Protection Platform in action, contact us for a customized demo today!


Salt Security Blog

Sign up for the Salt Newsletter for the latest resources and blog posts.

June 18, 2024

Salt Labs
Research Team

Salt Labs

Increasing API Traffic, Proliferating Attack Activity and Lack of Maturity: Key Findings from Salt Security’s 2024 State of API Security Report

The latest Salt Security State of API Security Report is out now, and we’re thrilled to give a little sneak peek of its contents.

Read more

June 12, 2024

Elad Hoffer
Head of Product R/T Protection


Salt Security Leading the Way in AI-Driven API Security for Next-Generation Threat Protection and Attacker Insights

Learn how the recent introduction of advanced LLM-driven attacker insights further solidifies Salt's position as a leader in API security solutions.

Read more

June 7, 2024

Eric Schwake
Head of Product Marketing

A Salt Security Perspective on the 2024 Gartner® Market Guide for API Protection

Salt Security's API Protection Platform is AI-infused and designed to address the challenges outlined in the Gartner report.

Read more

Download this guide for advice on evaluating key capabilities in API Security

Learn everything you need to know to keep your APIs secure

Get the guide