Collaboration with world-renowned cyber leaders yields a timely framework for how attackers target modern enterprise applications
Oligo Security, the runtime security company, today announced the launch of the Application Attack Matrix, a standardized framework to categorize tactics, techniques, and procedures (TTPs) for application-layer attacks. Developed in collaboration with leading experts in threat intelligence and application security, the matrix was shaped with input from contributors from companies like AWS, Google Cloud (Mandiant), Intel, Microsoft, Salesforce, and other organizations at the forefront of cybersecurity. It is designed to help security teams, developers, and threat hunters better understand how attackers target modern applications, build more effective defenses, and bridge the gap between application security and broader security operations.
The sharp rise in software vulnerabilities year over year has created major challenges for security teams working to protect applications – even at small scales. Adversaries have taken advantage of this surge, with vulnerability exploits overtaking phishing as an initial attack vector [1]. Vulnerability exploits have also remained one of the top methods used by attackers to gain access to organizations for the past 5 years in Mandiant investigations [2], with many critical vulnerabilities exploited within 48 hours of disclosure [3].
“Attackers target applications more today than any point in history, and it is time for the industry to stop focusing on treating post-exploit symptoms and get to the root cause: the initial exploit attempts that happen in the application layer,” said Gal Elbaz, co-founder and CTO, Oligo Security. “We started this framework to help defenders understand how applications are targeted so that the industry can act together to bolster defenses. We invite anyone who wants to contribute to join us in making this a vendor agnostic, collaborative effort that hopes to create a standard methodology for protecting against application attacks.”
Application-layer attacks target applications in production environments, including web and server-side apps, and often bypass traditional detection systems to exploit vulnerabilities deep within the software stack. Current security solutions and frameworks are primarily focused on infrastructure or workload-level tactics and techniques, such as cloud and mobile technologies, networks, operating systems and endpoints. This leaves a gap in standardization for defending against application-layer attacks that increasingly stem from vulnerability exploitation.
To close this gap, the Application Attack Matrix focuses on:
- Application Attack Surface: Categorizing threats specific to production environments, including web and server-side applications.
- Adversary Tactics and Techniques: Documenting the tactics attackers use to exploit business logic, inject malicious code, abuse authentication mechanisms, and bypass application-layer defenses.
- Response and Mitigation: Providing structured guidance on detection, mitigation, and incident response tailored to application security.
- Integration into Security Operations: Enabling security operations and threat intelligence teams to use the framework in conjunction with existing attack matrices to create holistic defense strategies.
“The level of threat activity originating in the application layer makes an application-focused attack matrix critical,” said Jaime Blasco, Ballistic Ventures Threat Intelligence Advisor and Creator of Open Threat Exchange. “Applications have become beyond essential to business operations, and organizations as a whole are struggling with inconsistent security strategies, incomplete threat coverage, and ineffective incident response for modern applications. This initiative fills an important gap, empowering organizations to defend against the next-generation of threats that increasingly originate and stay in the application layer.”
More information:
- View the matrix: https://www.app-attack-matrix.com/
- Read the blog: https://www.oligo.security/blog/the-application-attack-matrix
- Join the Discord community: https://www.oligo.security/lp/oligo-application-attack-matrix
Sources:
- [1] https://www.verizon.com/business/resources/reports/dbir/
- [2] https://cloud.google.com/security/resources/m-trends
- [3] https://vulncheck.com/blog/2024-exploitation-trends
About Oligo Security
Oligo protects applications against attackers with the industry’s leading runtime security platform. With deep application inspection through real-time monitoring and context-aware analysis, Oligo enables customers to instantly see all of the vulnerabilities in their environments, identify those that matter most, and stop application-based attacks in their tracks. https://www.oligo.security/
View source version on businesswire.com: https://www.businesswire.com/news/home/20250709316321/en/
New Application Attack Matrix establishes industry standard for protecting modern cloud applications
Contacts
Media Contact
Justin McCann
press@oligosecurity.io