⚠
BowTie Risk
Assessments
Hazards
Library
Implementations
Guide
← Back
Edit Threat
Name
Category
Tags
(comma-separated)
Description
Adversaries may forge credential materials that can be used to gain access to web applications or Internet services. Web applications and services (hosted in cloud SaaS environments or on-premise servers) often use session cookies, tokens, or other materials to authenticate and authorize user access. Adversaries may generate these credential materials in order to gain access to web resources. This differs from Steal Web Session Cookie, Steal Application Access Token, and other similar behaviors
Save changes
Cancel