Application Developer Guidance
This mitigation describes any guidance or training given to developers of applications to avoid introducing security weaknesses that an adversary may be able to take advantage of.
Techniques Addressed by Mitigation
Ensure that applications do not store sensitive data or credentials insecurely. (e.g. plaintext credentials in code, published credentials in repositories, or credentials in public cloud storage).
Application developers could be encouraged to avoid placing sensitive data in notification text.
|Mobile||T1413||Access Sensitive Data in Device Logs||
Application developers should be discouraged from writing sensitive data to the system log in production apps.
Application developers can apply