This site has been deprecated in favor of and will remain in place until 11/1/22.

Execution through API

From attackics
Jump to navigation Jump to search

To visit this technique’s new page please go to and update your links to

Execution through API
ID T0871
Tactic Execution
Data Sources Module: Module Load, Network Traffic: Network Traffic Content
Asset Field Controller/RTU/PLC/IED


Adversaries may attempt to leverage Application Program Interfaces (APIs) used for communication between control software and the hardware. Specific functionality is often coded into APIs which can be called by software to engage specific functions on a device or other software.

Procedure Examples


  • Authorization Enforcement - All APIs used to perform execution, especially those hosted on embedded controllers (e.g., PLCs), should provide adequate authorization enforcement of user access. Minimize user's access to only required API calls.3
  • Human User Authentication - All APIs on remote systems or local processes should require the authentication of users before executing any code or system changes.
  • Access Management - Access Management technologies can be used to enforce authorization policies and decisions, especially when existing field devices do not provide capabilities to support user identification and authentication.4 These technologies typically utilize an in-line network device or gateway system to prevent access to unauthenticated users, while also integrating with an authentication service to first verify user credentials.