Service Standard API

Info

ID:
Tactic: Gain Access

Service Standard APIs

Adversaries may exploit legitimate APIs or application endpoints—those normally accessed by authorized users—to introduce malicious files or code. Instead of exploiting a vulnerability in the underlying service, attackers rely on existing upload or configuration interfaces, such as file submission fields, support ticket attachments, or plugin extensions. By conforming to the intended usage model, these actions can appear routine and evade basic intrusion detection.

In many cloud‑native or microservice‑driven environments, developers expose a range of APIs for administrative tasks, data import, or feature customization. If access controls are incomplete or default configurations allow broader permissions, adversaries can seamlessly insert malicious scripts, libraries, or binaries through these same APIs. The malicious content lies dormant in the system until triggered by a separate execution pathway, effectively setting the stage for deeper compromise.
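A defender-side illustration of the point above, added here and not part of the original page: because these uploads arrive through the intended interface, screening has to look at who is calling which endpoint and what the bytes actually are, not at the declared type. The endpoint paths, role names, and policy table are hypothetical, and the sample payload is constructed.

```python
# Constructed policy; endpoint paths and role names are hypothetical.
POLICY = {
    "/api/tickets/attachments": {"kinds": {"png", "pdf", "text"},
                                 "roles": {"user", "admin"}},
    "/api/plugins": {"kinds": {"zip"}, "roles": {"admin"}},
}
# Leading-byte signatures, including content that can later be executed.
SIGNATURES = [
    (b"\x7fELF", "elf"), (b"MZ", "pe"), (b"#!", "script"),
    (b"<?php", "script"), (b"PK\x03\x04", "zip"),
    (b"\x89PNG\r\n\x1a\n", "png"), (b"%PDF-", "pdf"),
]
EXECUTABLE_KINDS = {"elf", "pe", "script"}


def sniff(data: bytes) -> str:
    """Classify a payload by its leading bytes, not its name or header."""
    for magic, kind in SIGNATURES:
        if data.startswith(magic):
            return kind
    try:
        data.decode("utf-8")
        return "text"
    except UnicodeDecodeError:
        return "unknown"


def screen_upload(endpoint: str, role: str, declared_kind: str, data: bytes) -> list[str]:
    """Return findings for one upload; an empty list means it passes."""
    rule = POLICY.get(endpoint)
    if rule is None:
        return [f"no upload policy for {endpoint}: deny by default"]
    kind = sniff(data)
    findings = []
    if role not in rule["roles"]:
        findings.append(f"role {role!r} not permitted on {endpoint}")
    if kind != declared_kind:
        findings.append(f"declared {declared_kind!r} but content is {kind!r}")
    if kind not in rule["kinds"]:
        findings.append(f"kind {kind!r} not allowed on {endpoint}")
    if kind in EXECUTABLE_KINDS:
        findings.append("executable content: quarantine before storage")
    return findings


if __name__ == "__main__":
    # Constructed sample: ELF header bytes submitted as a PNG attachment.
    for f in screen_upload("/api/tickets/attachments", "user", "png", b"\x7fELF\x02\x01\x01"):
        print(f)
```

Logging the findings alongside the caller identity gives detection a signal even when the request itself looks routine.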