Open Software Supply Chain Attack Reference (OSC&R)

T0100 - Discover naming conventions

This technique involves analyzing the naming conventions used in container images, source code repositories, and other related artifacts.
By examining naming conventions, an attacker can gain insight into the technologies and frameworks used in the application and potentially identify weak spots or vulnerabilities that can be exploited.
For example, an attacker might use this technique to identify the specific version of a library or software component used in an application, and then cross-reference that version with known vulnerabilities to determine whether the application is at risk.
Alternatively, an attacker might analyze naming conventions to determine the structure and organization of a codebase, which could aid in future attacks.
ID: T0100
Type: Technique
Tactic: Reconnaissance
Summary: Discover naming conventions
State: Draft

Mitigations

| ID | TYPE | SUMMARY | DESCRIPTION |
|---|---|---|---|
| M1000 | Mitigation | Limit Publicly Available Information | Be cautious about what information is publicly available, including on websites, social media, and other public sources, as it can provide valuable clues to attackers about naming conventions or other system details. |
| M1001 | Mitigation | Avoid Predictable Naming Conventions | Use random, unique, and non-predictable naming conventions for resources in the system or network to make it difficult for attackers to enumerate and gather information. |
| M1503 | Mitigation | Implement SCA analysis | Component Analysis is the process of identifying potential areas of risk from the use of third-party and open-source software and hardware components. The best option for implementing SCA analysis is integration of SCA analysis tools into your CI/CD environment in order to scan your source code dependencies before the release. |
| M1720 | Mitigation | Implement regular patches and updates | Regular patches and updates are necessary to improve the security, performance, and reliability of software and systems. They include bug fixes, security updates, and performance improvements. Regular patches and updates also ensure compatibility with new technologies and can help maintain compliance with regulatory standards. Failure to install patches and updates can leave systems vulnerable to security threats, cause system failures or crashes, and limit the functionality of software and systems. |
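The following Python script is an added example, not part of the OSC&R catalog or any OSC&R tooling. It applies the technique description above and mitigation M1001 from the defender's side: it audits a constructed list of container image and repository names for the details the technique would harvest (embedded version strings, framework or environment keywords, trailing sequential counters) and produces an opaque replacement name. The keyword lists, regular expressions and sample names are assumptions made for this example.

```python
import re
import secrets

# Heuristics for details an observer could harvest from an artifact name.
# These lists and patterns are assumptions made for this example, not an OSC&R list.
VERSION_RE = re.compile(r"(?<![A-Za-z0-9])v?\d+\.\d+(?:\.\d+)*(?![A-Za-z0-9])")
TECH_KEYWORDS = ("spring", "django", "rails", "struts", "log4j", "nginx",
                 "tomcat", "jenkins", "php", "wordpress")
ENV_KEYWORDS = ("prod", "staging", "dev", "test", "internal", "legacy")
# A short trailing counter such as "web-01" hints at enumerable siblings (web-02, ...).
# The lookbehind keeps the last component of a version like "2.7.3" from matching.
COUNTER_RE = re.compile(r"(?<!\d)[-_./]\d{1,4}$")


def _has_word(name: str, word: str) -> bool:
    """True if `word` appears in `name` delimited by non-letters (avoids 'rails' in 'trails')."""
    return re.search(rf"(?<![a-z]){re.escape(word)}(?![a-z])", name) is not None


def audit_name(name: str) -> list[str]:
    """Return the information leaks found in one artifact name (empty list if clean)."""
    issues = []
    lower = name.lower()
    if VERSION_RE.search(name):
        issues.append("embeds a version string")
    for kw in TECH_KEYWORDS:
        if _has_word(lower, kw):
            issues.append(f"reveals technology '{kw}'")
            break
    for kw in ENV_KEYWORDS:
        if _has_word(lower, kw):
            issues.append(f"reveals environment '{kw}'")
            break
    if COUNTER_RE.search(name):
        issues.append("ends in a sequential counter")
    return issues


def audit(names):
    """Map every flagged name to its issues; clean names are omitted."""
    result = {}
    for name in names:
        issues = audit_name(name)
        if issues:
            result[name] = issues
    return result


def opaque_name(prefix: str = "svc") -> str:
    """Random, non-predictable name (M1001). The mapping from this name to what it
    contains belongs in internal build metadata, not in the name itself."""
    return f"{prefix}-{secrets.token_hex(4)}"


# Constructed sample names for this example (the last one is already opaque).
SAMPLE_NAMES = [
    "registry.example.com/payments-spring-boot:2.7.3",
    "git.example.com/platform/legacy-php-5.6-api",
    "web-prod-01",
    "registry.example.com/svc-a1f3c9d2:sha-8e1b4f7a",
]

if __name__ == "__main__":
    for name, issues in audit(SAMPLE_NAMES).items():
        print(f"{name}: {'; '.join(issues)}")
    print("suggested opaque name:", opaque_name())
```

Run it against an export of your registry's image list or your SCM's repository list; every flagged entry is a name that tells an outside observer something M1000 and M1001 say should not be public.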

Detections

| ID | TYPE | SUMMARY | DESCRIPTION |
|---|---|---|---|
| D1500 | Detection | Configure monitoring of used artifacts and open-source libraries | Implement regular scanning of used artifacts and open-source libraries for known vulnerabilities. Set up monitoring of reported issues based on regular scanning results. |
| D1510 | Detection | Implement Intrusion Detection System and anti-malware | An intrusion detection system (IDS) is a security tool designed to detect and alert on unauthorized access to a computer system or network. Implementing intrusion detection systems (IDS) and anti-malware software can help to identify and block malicious activity. IDS is a critical security tool that helps organizations to detect and respond to security incidents in a timely manner. By providing real-time monitoring and analysis of network traffic, IDS can help organizations to stay ahead of potential threats and reduce the risk of a security breach. |
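As an added example for M1503 and D1500 (not OSC&R's own code), the script below performs the kind of dependency check a CI/CD pipeline step would run before a release: it parses a constructed pinned lockfile, matches each pin against a constructed advisory list using introduced/fixed version ranges, and returns the findings so the build can be failed. Package names, versions and advisory ids are placeholders invented for this example; in practice the advisory list comes from your SCA tool's feed.

```python
import re

# Constructed pinned lockfile (requirements.txt style) embedded for this example.
SAMPLE_LOCKFILE = """\
# constructed lockfile for the example
requests==2.19.0
urllib3==1.26.5
Jinja2==3.1.4
"""

# Constructed advisory feed. Ids are placeholders, not real CVE or GHSA numbers.
# A version is affected if introduced <= version < fixed.
SAMPLE_ADVISORIES = [
    {"package": "requests", "introduced": "2.3.0", "fixed": "2.20.0", "id": "ADV-EXAMPLE-0001"},
    {"package": "urllib3", "introduced": "1.0.0", "fixed": "1.26.5", "id": "ADV-EXAMPLE-0002"},
]

# Exact pins only ("name==1.2.3"), optional trailing comment.
PIN_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([0-9]+(?:\.[0-9]+)*)\s*(?:#.*)?$")


def normalize(name: str) -> str:
    """Lower-case the name and collapse separator runs so feed and lockfile spellings compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_version(text: str) -> tuple:
    """Numeric dotted version -> comparable tuple, zero-padded so 2.19 == 2.19.0."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def parse_lockfile(text: str) -> dict:
    """Return {normalised package: version string} for every exact pin; comments and blank lines are skipped."""
    pins = {}
    for line in text.splitlines():
        m = PIN_RE.match(line)
        if m:
            pins[normalize(m.group(1))] = m.group(2)
    return pins


def is_affected(version: str, advisory: dict) -> bool:
    """Half-open range check: the first fixed version itself is not affected."""
    v = parse_version(version)
    return parse_version(advisory["introduced"]) <= v < parse_version(advisory["fixed"])


def find_vulnerable(lockfile_text: str, advisories) -> list:
    """Cross-reference pins against advisories; returns (package, version, advisory id) triples."""
    pins = parse_lockfile(lockfile_text)
    findings = []
    for adv in advisories:
        pkg = normalize(adv["package"])
        if pkg in pins and is_affected(pins[pkg], adv):
            findings.append((pkg, pins[pkg], adv["id"]))
    return findings


def ci_gate(findings) -> int:
    """Exit status for the pipeline step: non-zero blocks the release (M1503)."""
    return 1 if findings else 0


if __name__ == "__main__":
    hits = find_vulnerable(SAMPLE_LOCKFILE, SAMPLE_ADVISORIES)
    for pkg, ver, adv_id in hits:
        print(f"{pkg}=={ver} affected by {adv_id}")
    raise SystemExit(ci_gate(hits))
```

Scheduling the same check against the deployed lockfile, not only at release time, gives the ongoing monitoring D1500 asks for: a pin that was clean at release becomes a finding as soon as a new advisory covers it.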
