The AppSec Kill-Chain Evolved
TTPs for Modern Defenses
New and popular frameworks such as MITRE ATT&CK have aided organizations in extending their previous kill-chain models to be more focused on the actual tactics, techniques, and procedures (TTPs) that attackers are using in the real world. And while MITRE ATT&CK was originally designed for Windows-based enterprise networks, the same concepts can apply to application security.
In order to properly defend against adversaries, an organization must be aware of the specific TTPs used at each phase of an attack.
In this webcast, we will take a lifecycle approach to understanding web app attacks, share examples of the tools and techniques used in each phase, and cover the defenses security teams can employ to protect their applications.
This will include an analysis of:
- Attacker preparations and anonymity
- Enumeration and scanning
- Gaining credentialed access to applications and accounts
- Exploitation and detection evasion
- Abuse of APIs
- Pivoting to do damage after an exploit
Watch this on-demand webinar and leave with a better understanding of the key TTPs at the heart of modern application attacks and tips for ensuring continuous defenses across the lifecycle of an attack.