ASTRA-AUTH-003 — API Key Stuffing and Brute Force¶
Overview¶
This technique is documented in ASTRA v1.0. Full write-up in progress. Community contributions welcome — see CONTRIBUTING.md to write this entry.
Tactic¶
Authentication Abuse
Protocols¶
REST · gRPC
Severity Score¶
| Dimension | Score (1–5) | Rationale |
|---|---|---|
| Exploitability | — | — |
| Prevalence | — | — |
| Data sensitivity | — | — |
| Business impact | — | — |
| Composite | — / 5 |
Rating: High
Attack Scenario¶
Full attack scenario coming in v1.1. Want to write it? Open an issue.
Real-World Breach Mapping¶
| Field | Detail |
|---|---|
| Incident | TBD |
| Year | — |
| Organisation | — |
| What happened | — |
| ASTRA technique | ASTRA-AUTH-003 |
| Source | — |
Detection¶
Sigma Rule¶
See detection-rules/sigma/ASTRA-AUTH-003.yml
What to look for¶
Coming in v1.1
Remediation¶
Coming in v1.1
References¶
Coming in v1.1