Info
ID: AT-001
Tactic: Reconnaissance
MITRE technique: T1595
Reconnaissance
Reconnaissance consists of techniques adversaries use to gather information about an application’s architecture, exposed interfaces, dependencies, and runtime environment in order to identify potential attack vectors. This includes harvesting API specifications, scraping public code repositories, querying cloud metadata services, and mapping feature flags or configuration settings. By building a detailed view of an application’s attack surface—across web, mobile, API, and serverless components—threat actors can prioritize high‑value targets and tailor subsequent operations for successful intrusion.
Mitigations
| ID | Mitigation | Description |
|---|---|---|
| AM-M0001 | Web Application Firewall | Implement a WAF with rate limiting capabilities to detect and block automated scanning activities |
| AM-M0002 | Network Monitoring | Deploy network monitoring solutions to detect suspicious scanning patterns and traffic anomalies |
| AM-M0003 | Security Headers | Implement robust security headers to reduce information leakage that could aid attackers during scanning |