Application Developer Guidance

This mitigation describes any guidance or training given to developers of applications to avoid introducing security weaknesses that an adversary may be able to take advantage of.
ID: M1013
Version: 1.0
Created: 25 Oct 2017
Last Modified: 17 Oct 2018

Techniques Addressed by Mitigation

| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1564.009 | Hide Artifacts: Resource Forking | Configure applications to use the application bundle structure which leverages the /Resources folder location.(Citation: Apple App Security Overview) |
| Enterprise | T1574 | Hijack Execution Flow | When possible, include hash values in manifest files to help prevent side-loading of malicious libraries.(Citation: FireEye DLL Side-Loading) |
| Enterprise | T1574.002 | DLL Side-Loading | When possible, include hash values in manifest files to help prevent side-loading of malicious libraries.(Citation: FireEye DLL Side-Loading) |
| Enterprise | T1559 | Inter-Process Communication | Enable the Hardened Runtime capability when developing applications. Do not include the com.apple.security.get-task-allow entitlement with the value set to any variation of true. |
| Enterprise | T1559.003 | XPC Services | Enable the Hardened Runtime capability when developing applications. Do not include the com.apple.security.get-task-allow entitlement with the value set to any variation of true. |
| Enterprise | T1647 | Plist File Modification | Ensure applications are using Apple's developer guidance which enables hardened runtime.(Citation: Apple Developer Doco Hardened Runtime) |
| Enterprise | T1593 | Search Open Websites/Domains | Application developers uploading to public code repositories should be careful to avoid publishing sensitive information such as credentials and API keys. |
| Enterprise | T1593.003 | Code Repositories | Application developers uploading to public code repositories should be careful to avoid publishing sensitive information such as credentials and API keys. |
| Enterprise | T1078 | Valid Accounts | Ensure that applications do not store sensitive data or credentials insecurely (e.g., plaintext credentials in code, published credentials in repositories, or credentials in public cloud storage). |
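
The guidance for T1559 and T1559.003 (no com.apple.security.get-task-allow entitlement set to any variation of true) can be enforced as a release-build gate. The following is an added example, not part of the original mitigation text or of any Apple tooling; the file names, the sample plists and the list of string spellings treated as "true" are assumptions constructed for illustration.

```python
import plistlib

KEY = "com.apple.security.get-task-allow"
TRUTHY_STRINGS = {"true", "yes", "1"}  # assumption: string spellings treated as "true"

def is_truthy(value):
    """True for any variation of true: <true/>, non-zero numbers, "true"/"YES"/"1"."""
    if isinstance(value, bool):
        return value
    if isinstance(value, (int, float)):
        return value != 0
    if isinstance(value, str):
        return value.strip().lower() in TRUTHY_STRINGS
    return False

def audit_entitlements(plist_bytes):
    """Return findings for one entitlements plist (XML or binary format)."""
    try:
        ent = plistlib.loads(plist_bytes)
    except Exception as exc:  # malformed input should fail the gate, not pass it
        return [f"unparseable entitlements: {exc}"]
    if not isinstance(ent, dict):
        return ["entitlements root is not a dictionary"]
    if is_truthy(ent.get(KEY)):
        return [f"{KEY} = {ent[KEY]!r}; remove it from release builds"]
    return []

def failing_files(named_plists):
    """Map file name -> findings, keeping only files that fail the check."""
    results = {name: audit_entitlements(data) for name, data in named_plists.items()}
    return {name: f for name, f in results.items() if f}

def _plist(body):
    """Build a constructed XML entitlements plist around the given dict body."""
    return ('<?xml version="1.0" encoding="UTF-8"?>'
            '<plist version="1.0"><dict>' + body + "</dict></plist>").encode()

# Constructed sample inputs (hypothetical file names, not from any real project).
SAMPLES = {
    "release.entitlements": _plist(f"<key>{KEY}</key><false/>"),
    "debug.entitlements": _plist(f"<key>{KEY}</key><true/>"),
    "legacy.entitlements": _plist(f"<key>{KEY}</key><string>YES</string>"),
    "numeric.entitlements": _plist(f"<key>{KEY}</key><integer>1</integer>"),
    "sandbox.entitlements": _plist("<key>com.apple.security.app-sandbox</key><true/>"),
    "broken.entitlements": b"<plist><dict><key>oops",
}

if __name__ == "__main__":
    for name, findings in failing_files(SAMPLES).items():
        print(name, "->", findings)
```

This checks only the entitlement; whether the Hardened Runtime itself is enabled is a property of the code signature and has to be verified separately on the signed build.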
