All threats

unauthorized-access

Attacker gains access to resources without proper authentication or authorization

MITRE ATT&CK techniques

Common Weakness Enumeration

• CWE-284
• CWE-862

Mitigating controls

ctrl-unauth-1

Implement strong authentication mechanisms (MFA)

ctrl-unauth-2

Enforce least-privilege access controls

ctrl-unauth-3

Implement network segmentation and firewalls

ctrl-unauth-4

Enable comprehensive access logging and monitoring

ctrl-unauth-5

Regularly review and audit access permissions

References

• https://owasp.org/Top10/A01_2021-Broken_Access_Control/
• https://cheatsheetseries.owasp.org/cheatsheets/Access_Control_Cheat_Sheet.html