Third-Party Integration Risk

medium

third-party-integration-risk

Insecure integrations with third-party applications create attack vectors or expose sensitive data through connected services.

Information Disclosure, Tampering, Elevation of Privilege

MITRE ATT&CK techniques

ID | Name | Tactic
T1199 | Trusted Relationship | Initial Access
T1195 | Supply Chain Compromise | Initial Access

Common Weakness Enumeration

Mitigating controls

ctrl-integration-1: Maintain inventory of all third-party integrations and their permissions
ctrl-integration-2: Implement security review process for new integrations
ctrl-integration-3: Monitor data flows between integrated applications
ctrl-integration-4: Enforce API rate limiting and access controls
ctrl-integration-5: Regularly review and remove unused integrations