DETECTION OF VULNERABILITIES IN USER AUTHENTICATION MECHANISMS IN SAAS SERVICES BASED ON MITRE ATT&CK
DOI:
https://doi.org/10.31891/2219-9365-2023-74-7Keywords:
SaaS services, MITRE ATT&CK matrix, user authentication, MITRE frameworkAbstract
In the modern world, the majority of businesses use SaaS services for storing and processing confidential information, creating a large flow of data that requires protection. Preventing data abuse is one of the key challenges in business. To achieve this goal, it is important to understand potential threats that may arise and take appropriate measures to prevent them.
Ensuring reliable and secure user access to SaaS services is an important component of information security. Authentication mechanisms play a crucial role in verifying the identity of users and ensuring their authorized access. However, vulnerabilities in these mechanisms can create potential avenues for abuse and unauthorized access.
MITRE ATT&CK is a powerful tool that can be used to identify potential vulnerabilities in user authentication mechanisms in SaaS services. ATT&CK provides a detailed description of criminal tactics and techniques that can be used by attackers to target user authentication systems. This enables companies to analyse their authentication mechanisms and take measures to improve them and prevent potential attacks.
This approach allows organizations not only to identify potential weaknesses in authentication mechanisms but also to develop effective measures for their detection, prevention, and mitigation. The use of the MITRE ATT&CK Matrix for identifying vulnerabilities in authentication mechanisms is becoming increasingly relevant in the context of growing threats and the need to protect users' confidential data.