This mitigation describes any guidance or training given to developers of applications to avoid introducing security weaknesses that an adversary may be able to take advantage of.
Domain | ID | Name | Use
---|---|---|---
Enterprise | T1564.009 | Hide Artifacts: Resource Forking | Configure applications to use the application bundle structure which leverages the
Enterprise | T1574 | Hijack Execution Flow | When possible, include hash values in manifest files to help prevent side-loading of malicious libraries.[2]
Enterprise | T1574.002 | Hijack Execution Flow: DLL Side-Loading | When possible, include hash values in manifest files to help prevent side-loading of malicious libraries.[2]
Enterprise | T1559 | Inter-Process Communication | Enable the Hardened Runtime capability when developing applications. Do not include the
Enterprise | T1559.003 | Inter-Process Communication: XPC Services | Enable the Hardened Runtime capability when developing applications. Do not include the
Enterprise | T1647 | Plist File Modification | Ensure applications are using Apple's developer guidance which enables hardened runtime.[3]
Enterprise | T1078 | Valid Accounts | Ensure that applications do not store sensitive data or credentials insecurely (e.g., plaintext credentials in code, published credentials in repositories, or credentials in public cloud storage).
Mobile | T1517 | Access Notifications | Application developers could be encouraged to avoid placing sensitive data in notification text.
Mobile | T1413 | Access Sensitive Data in Device Logs | Application developers should be discouraged from writing sensitive data to the system log in production apps.
Mobile | T1513 | Screen Capture | Application developers can apply
Mobile | T1416 | URI Hijacking | Developers should use Android App Links[5] and iOS Universal Links[6] to provide a secure binding between URIs and applications, preventing malicious applications from intercepting redirections. Additionally, for OAuth use cases, PKCE[7] should be used to prevent use of stolen authorization codes.
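The PKCE guidance in the URI Hijacking row, worked through as an added example that is not part of the ATT&CK page: both sides of the RFC 7636 S256 exchange, with a minimal in-memory authorization server (a constructed stand-in, not any real library's API) that binds each authorization code to its code_challenge and rejects a code redeemed without the matching code_verifier.

```python
import base64
import hashlib
import secrets


def b64url(raw: bytes) -> str:
    """Base64url without '=' padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def make_verifier() -> str:
    """Client side: a fresh high-entropy code_verifier (32 random bytes -> 43 chars)."""
    return b64url(secrets.token_bytes(32))


def make_challenge(verifier: str) -> str:
    """Client side: code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


class AuthorizationServer:
    """Constructed toy server: remembers the challenge sent with each issued code."""

    def __init__(self) -> None:
        self._codes: dict[str, str] = {}  # authorization code -> code_challenge

    def authorize(self, code_challenge: str) -> str:
        """Authorization endpoint: issue a code bound to the presented challenge."""
        code = secrets.token_urlsafe(24)
        self._codes[code] = code_challenge
        return code

    def token(self, code: str, code_verifier: str) -> bool:
        """Token endpoint: single-use code, accepted only with the matching verifier."""
        challenge = self._codes.pop(code, None)
        if challenge is None:
            return False  # unknown, expired or already-redeemed code
        return secrets.compare_digest(make_challenge(code_verifier), challenge)


def legitimate_flow(server: AuthorizationServer) -> bool:
    """The app that started the flow holds the verifier, so redemption succeeds."""
    verifier = make_verifier()
    code = server.authorize(make_challenge(verifier))
    return server.token(code, verifier)


def intercepted_code_flow(server: AuthorizationServer) -> bool:
    """An app that only captured the redirect URI has the code but not the verifier."""
    verifier = make_verifier()
    code = server.authorize(make_challenge(verifier))
    return server.token(code, make_verifier())  # wrong verifier -> rejected
```

The challenge derivation can be checked against the test vector in RFC 7636 Appendix B.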