SaaS Attacks Report

A collection of SaaS attack techniques to help defenders understand the threats they face

Offensive security drives defensive security. We're sharing a collection of SaaS attack techniques to help defenders understand the threats they face.

Our goal at Push is simple — to reduce the risk of using SaaS apps at work. Doing this well means building controls that are easy to use, easy to understand — and ultimately effective. These controls need to be effective against the most common techniques that are likely to cause real damage.

To talk about this, we need to have a shared understanding of what these techniques are. To get that conversation going, we’ve pulled together all the techniques we're aware of and we've even added a bunch of new ones.

In this guide, you'll learn about::

The SaaS Attacks Matrix and how it can benefit your red and blue teams

New SaaS-focused variations of older attacks

Brand new attack techniques against SaaS-native and hybrid organizations

How SaaS opens up serious persistence challenges even in traditional endpoint compromise scenarios

What the cyber kill chain looks like when applied to SaaS-native and hybrid organizations