
MITRE ATT&CK blind spots

There is one area of information security that is conspicuously absent from ATT&CK.

If your tooling only applies the detections and mitigations from ATT&CK, then you’re missing out on some critical security telemetry. More importantly, you will be lacking visibility over critical attacks against your organisation.

So what’s still hidden in the fog of war?

Application Security!

MITRE have the whole gamut of appsec issues categorised under a single technique, T1190 “Exploit Public-Facing Application”. For anything more specific they simply point readers to the OWASP Top 10 and the CWE Top 25.

Most monitoring tools focus on system or network attacks but lack visibility into, and response for, applications. There really is no substitute for good preventative application security practices, built into the SDLC.
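One way to close the gap the post describes is for the application itself to emit security telemetry that a SIEM can correlate, rather than waiting for a network or host sensor to notice a T1190 event after the fact. The following is an added example, not code from the original post: the application validates request parameters against an allowlist, records every rejection as a structured event tagged with the CWE the rule defends against and with ATT&CK T1190, and a small sliding-window detector raises an alert when one client accumulates repeated rejections. The class and function names (`FieldRule`, `AppSecTelemetry`, `burst_alerts`, `run_sample`), the rule set and the sample requests are all constructed for this example; the CWE numbers are real CWE identifiers and T1190 is the technique named above.

```python
"""Application-layer security telemetry mapped to ATT&CK T1190 (added example).

Names, rules and sample data are constructed for illustration; CWE ids are real
CWE identifiers and T1190 is the ATT&CK technique discussed in the post.
"""
import json
import re
from collections import defaultdict, deque
from dataclasses import dataclass, field

ATTACK_TECHNIQUE = "T1190"  # ATT&CK: Exploit Public-Facing Application


@dataclass(frozen=True)
class FieldRule:
    """Allowlist validator for one request parameter, tagged with the CWE it defends against."""
    name: str
    pattern: str        # whole-value regex the parameter must match
    cwe: str            # weakness class the rule protects against
    max_len: int = 256


# Hypothetical rule set for a small web application (constructed for this example).
RULES = {
    "user_id": FieldRule("user_id", r"[0-9]{1,10}", "CWE-89"),                    # numeric id only
    "filename": FieldRule("filename", r"[A-Za-z0-9_-]+\.[a-z]{1,5}", "CWE-22", 64),  # no separators
    "comment": FieldRule("comment", r"[^<>]*", "CWE-79", 1000),                   # no markup
}


@dataclass
class AppSecTelemetry:
    """Collects one structured event per rejected parameter."""
    events: list = field(default_factory=list)

    def validate(self, src_ip, ts, params):
        """Apply each FieldRule to `params`; return the names of rejected parameters."""
        rejected = []
        for name, value in params.items():
            rule = RULES.get(name)
            if rule is None:
                reason, cwe = "unknown_parameter", "CWE-20"   # improper input validation
            elif len(value) > rule.max_len:
                reason, cwe = "too_long", rule.cwe
            elif not re.fullmatch(rule.pattern, value):
                reason, cwe = "pattern_mismatch", rule.cwe
            else:
                continue
            rejected.append(name)
            self.events.append({
                "ts": ts, "src_ip": src_ip, "param": name, "reason": reason,
                "cwe": cwe, "attack_technique": ATTACK_TECHNIQUE,
                "value_len": len(value),   # log the length, never the raw rejected value
            })
        return rejected

    def to_jsonl(self):
        """Serialise events as JSON lines, the shape most SIEM collectors ingest."""
        return "\n".join(json.dumps(e, sort_keys=True) for e in self.events)


def burst_alerts(events, threshold=3, window=60):
    """Sliding-window detection over the telemetry.

    Returns (src_ip, ts) for the first event at which a source accumulates
    `threshold` rejections within `window` seconds; one alert per source.
    """
    recent = defaultdict(deque)
    alerts, alerted = [], set()
    for e in sorted(events, key=lambda e: e["ts"]):
        q = recent[e["src_ip"]]
        q.append(e["ts"])
        while q and e["ts"] - q[0] > window:
            q.popleft()
        if len(q) >= threshold and e["src_ip"] not in alerted:
            alerts.append((e["src_ip"], e["ts"]))
            alerted.add(e["src_ip"])
    return alerts


# Constructed sample traffic: (source IP, unix timestamp, request parameters).
SAMPLE_REQUESTS = [
    ("198.51.100.7", 1000, {"user_id": "42", "filename": "report.pdf"}),   # clean
    ("198.51.100.7", 1005, {"user_id": "42abc"}),                          # rejected
    ("198.51.100.7", 1010, {"filename": "../report.pdf"}),                  # rejected
    ("198.51.100.7", 1020, {"comment": "<b>hi</b>"}),                      # rejected
    ("203.0.113.9", 1030, {"user_id": "7", "comment": "fine"}),            # clean
    ("203.0.113.9", 1100, {"user_id": "x"}),                                # rejected, isolated
]


def run_sample():
    """Run the sample traffic through validation and detection."""
    tel = AppSecTelemetry()
    for ip, ts, params in SAMPLE_REQUESTS:
        tel.validate(ip, ts, params)
    return tel, burst_alerts(tel.events)


if __name__ == "__main__":
    telemetry, found = run_sample()
    print(telemetry.to_jsonl())
    print(found)
```

The design point is that the rejection events carry the ATT&CK and CWE tags at the source, so the application's own validation layer becomes detection telemetry instead of a silent 400 response; the raw rejected value is deliberately not logged, only its length, so the log itself does not become a store of attacker-controlled input.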