Home
ATT&CK Techniques
T1190 Exploit Public-Facing Application

T1190 Exploit Public-Facing Application Mappings

Adversaries may attempt to take advantage of a weakness in an Internet-facing computer or program using software, data, or commands in order to cause unintended or unanticipated behavior. The weakness in the system can be a bug, a glitch, or a design vulnerability. These applications are often websites, but can include databases (like SQL)(Citation: NVD CVE-2016-6662), standard services (like SMB(Citation: CIS Multiple SMB Vulnerabilities) or SSH), network device administration and management protocols (like SNMP and Smart Install(Citation: US-CERT TA18-106A Network Infrastructure Devices 2018)(Citation: Cisco Blog Legacy Device Attacks)), and any other applications with Internet accessible open sockets, such as web servers and related services.(Citation: NVD CVE-2014-7169) Depending on the flaw being exploited this may include Exploitation for Defense Evasion.

If an application is hosted on cloud-based infrastructure, then exploiting it may lead to compromise of the underlying instance. This can allow an adversary a path to access the cloud APIs or to take advantage of weak identity and access management policies.

For websites and databases, the OWASP top 10 and CWE top 25 highlight the most common web-based vulnerabilities.(Citation: OWASP Top 10)(Citation: CWE top 25)

View in MITRE ATT&CK®

Mappings

Capability ID	Capability Description	Mapping Type	ATT&CK ID	ATT&CK Name
AC-2	Account Management	Protects	T1190	Exploit Public-Facing Application
AC-3	Access Enforcement	Protects	T1190	Exploit Public-Facing Application
AC-4	Information Flow Enforcement	Protects	T1190	Exploit Public-Facing Application
AC-5	Separation of Duties	Protects	T1190	Exploit Public-Facing Application
AC-6	Least Privilege	Protects	T1190	Exploit Public-Facing Application
CA-2	Control Assessments	Protects	T1190	Exploit Public-Facing Application
CA-7	Continuous Monitoring	Protects	T1190	Exploit Public-Facing Application
CM-5	Access Restrictions for Change	Protects	T1190	Exploit Public-Facing Application
CM-6	Configuration Settings	Protects	T1190	Exploit Public-Facing Application
CM-7	Least Functionality	Protects	T1190	Exploit Public-Facing Application
CM-8	System Component Inventory	Protects	T1190	Exploit Public-Facing Application
IA-2	Identification and Authentication (organizational Users)	Protects	T1190	Exploit Public-Facing Application
IA-8	Identification and Authentication (non-organizational Users)	Protects	T1190	Exploit Public-Facing Application
RA-10	Threat Hunting	Protects	T1190	Exploit Public-Facing Application
RA-5	Vulnerability Monitoring and Scanning	Protects	T1190	Exploit Public-Facing Application
SA-8	Security and Privacy Engineering Principles	Protects	T1190	Exploit Public-Facing Application
SC-18	Mobile Code	Protects	T1190	Exploit Public-Facing Application
SC-2	Separation of System and User Functionality	Protects	T1190	Exploit Public-Facing Application
SC-29	Heterogeneity	Protects	T1190	Exploit Public-Facing Application
SC-3	Security Function Isolation	Protects	T1190	Exploit Public-Facing Application
SC-30	Concealment and Misdirection	Protects	T1190	Exploit Public-Facing Application
SC-39	Process Isolation	Protects	T1190	Exploit Public-Facing Application
SC-46	Cross Domain Policy Enforcement	Protects	T1190	Exploit Public-Facing Application
SC-7	Boundary Protection	Protects	T1190	Exploit Public-Facing Application
SI-10	Information Input Validation	Protects	T1190	Exploit Public-Facing Application
SI-2	Flaw Remediation	Protects	T1190	Exploit Public-Facing Application
SI-3	Malicious Code Protection	Protects	T1190	Exploit Public-Facing Application
SI-4	System Monitoring	Protects	T1190	Exploit Public-Facing Application
SI-7	Software, Firmware, and Information Integrity	Protects	T1190	Exploit Public-Facing Application
alerts_for_windows_machines	Alerts for Windows Machines	technique_scores	T1190	Exploit Public-Facing Application
azure_security_center_recommendations	Azure Security Center Recommendations	technique_scores	T1190	Exploit Public-Facing Application
azure_sentinel	Azure Sentinel	technique_scores	T1190	Exploit Public-Facing Application
azure_defender_for_kubernetes	Azure Defender for Kubernetes	technique_scores	T1190	Exploit Public-Facing Application
azure_automation_update_management	Azure Automation Update Management	technique_scores	T1190	Exploit Public-Facing Application
azure_policy	Azure Policy	technique_scores	T1190	Exploit Public-Facing Application
advanced_threat_protection_for_azure_sql_database	Advanced Threat Protection for Azure SQL Database	technique_scores	T1190	Exploit Public-Facing Application
azure_defender_for_app_service	Azure Defender for App Service	technique_scores	T1190	Exploit Public-Facing Application
azure_defender_for_container_registries	Azure Defender for Container Registries	technique_scores	T1190	Exploit Public-Facing Application
azure_web_application_firewall	Azure Web Application Firewall	technique_scores	T1190	Exploit Public-Facing Application
azure_web_application_firewall	Azure Web Application Firewall	technique_scores	T1190	Exploit Public-Facing Application
just-in-time_vm_access	Just-in-Time VM Access	technique_scores	T1190	Exploit Public-Facing Application
sql_vulnerability_assessment	SQL Vulnerability Assessment	technique_scores	T1190	Exploit Public-Facing Application
integrated_vulnerability_scanner_powered_by_qualys	Integrated Vulnerability Scanner Powered by Qualys	technique_scores	T1190	Exploit Public-Facing Application
azure_network_traffic_analytics	Azure Network Traffic Analytics	technique_scores	T1190	Exploit Public-Facing Application