Application Developer Guidance
This mitigation describes any guidance or training given to developers of applications to avoid introducing security weaknesses that an adversary may be able to take advantage of.
Techniques Addressed by Mitigation
| Domain | ID | Name | Use | |
|---|---|---|---|---|
| Enterprise | T1574 | Hijack Execution Flow |
When possible, include hash values in manifest files to help prevent side-loading of malicious libraries.[1] |
|
| .002 | DLL Side-Loading |
When possible, include hash values in manifest files to help prevent side-loading of malicious libraries.[1] |
||
| Enterprise | T1078 | Valid Accounts |
Ensure that applications do not store sensitive data or credentials insecurely. (e.g. plaintext credentials in code, published credentials in repositories, or credentials in public cloud storage). |
|
| Mobile | T1517 | Access Notifications |
Application developers could be encouraged to avoid placing sensitive data in notification text. |
|
| Mobile | T1413 | Access Sensitive Data in Device Logs |
Application developers should be discouraged from writing sensitive data to the system log in production apps. |
|
| Mobile | T1513 | Screen Capture |
Application developers can apply |
|
| Mobile | T1416 | URI Hijacking |
Developers should use Android App Links[3] and iOS Universal Links[4] to provide a secure binding between URIs and applications, preventing malicious applications from intercepting redirections. Additionally, for OAuth use cases, PKCE[5] should be used to prevent use of stolen authorization codes. |
|
References
- Amanda Steward. (2014). FireEye DLL Side-Loading: A Thorn in the Side of the Anti-Virus Industry. Retrieved March 13, 2020.
- Nightwatch Cybersecurity. (2016, April 13). Research: Securing Android Applications from Screen Capture (FLAG_SECURE). Retrieved November 5, 2019.
- Google. (n.d.). Verify Android App Links. Retrieved September 11, 2020.