Elastic Stack injection is a technique in which attackers inject queries into API calls, and the back-end Elastic services then execute those queries.
Organizations often implement Elastic Stack as a SIEM or general data storage for applications. These instances of Elastic clusters are sometimes misconfigured or exposed, enabling attackers to manipulate API requests and obtain access to data or functionality for which they’re unauthorized.
To learn more about this attack vector, check out this Salt Labs threat research blog.
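The injection pattern described above, as an added example that is not code from Salt Labs or from any product the page mentions: a handler that splices client text into an Elasticsearch query body, next to one that builds the body as a structure, with a shape check applied before the request is forwarded to the cluster. The field names `owner` and `title`, the function names, and the sample input are assumptions constructed for this illustration.

```python
import json

# Hypothetical query shape: documents carry an "owner" field that scopes
# results to the caller and a "title" field that the API lets clients search.
TEMPLATE = ('{"query": {"bool": {"filter": [{"term": {"owner": "%s"}}], '
            '"must": [{"match": {"title": "%s"}}]}}}')

# Constructed input: a search term carrying a quote and extra query clauses.
SAMPLE_TERM = ('x"}}], "should": [{"match_all": {}}], '
               '"must_not": [{"match": {"title": "y')

def build_query_unsafe(owner, term):
    """Vulnerable pattern: client text is spliced into the JSON body."""
    return TEMPLATE % (owner, term)

def build_query_safe(owner, term):
    """Hardened pattern: build the structure in code and let the JSON
    serializer escape the value, so the term can only ever be a string."""
    if not isinstance(term, str) or len(term) > 256:
        raise ValueError("search term must be a string of at most 256 chars")
    body = {"query": {"bool": {
        "filter": [{"term": {"owner": owner}}],
        "must": [{"match": {"title": term}}],
    }}}
    return json.dumps(body)

def has_expected_shape(raw_body, owner):
    """Gate to run before forwarding: the body must parse and contain only
    the owner filter and a single match clause, nothing else."""
    try:
        body = json.loads(raw_body)
    except json.JSONDecodeError:
        return False
    if not isinstance(body, dict) or set(body) != {"query"}:
        return False
    query = body["query"]
    if not isinstance(query, dict) or set(query) != {"bool"}:
        return False
    boolq = query["bool"]
    return (isinstance(boolq, dict)
            and set(boolq) == {"filter", "must"}
            and boolq["filter"] == [{"term": {"owner": owner}}]
            and isinstance(boolq["must"], list) and len(boolq["must"]) == 1
            and set(boolq["must"][0]) == {"match"})

if __name__ == "__main__":
    for build in (build_query_unsafe, build_query_safe):
        body = build("tenant-42", SAMPLE_TERM)
        print(build.__name__, has_expected_shape(body, "tenant-42"))
```

The shape check is a second layer, not a substitute for structured query building; restricting the service account the API uses against the cluster limits what any query that slips through can reach.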
About the Anatomy of an API Attack video series
The goal is to provide a deeper understanding of attacker techniques so that you’re better equipped to protect your APIs and build an API security strategy. Organizations increasingly rely on APIs to power their business and provide access to valuable data. Attackers know this and are constantly looking for API flaws to exploit with tools, motivation, and time on their side.