Application Developer Guidance
Techniques Addressed by Mitigation

| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1212 | Exploitation for Credential Access | Application developers should consider taking measures to validate authentication requests by enabling one-time passwords, providing timestamps or sequence numbers for messages sent, using digital signatures, and/or using random session keys.(Citation: Comparitech Replay Attack)(Citation: Bugcrowd Replay Attack) |
| Enterprise | T1564 | Hide Artifacts | Application developers should consider limiting the requirements for custom or otherwise difficult-to-manage file/folder exclusions. Where possible, install applications to trusted system folder paths that are already protected by restricted file and directory permissions. |
| | T1564.009 | Resource Forking | Configure applications to use the application bundle structure which leverages the |
| | T1564.012 | File/Path Exclusions | Application developers should consider limiting the requirements for custom or otherwise difficult-to-manage file/folder exclusions. Where possible, install applications to trusted system folder paths that are already protected by restricted file and directory permissions. |
| Enterprise | T1574 | Hijack Execution Flow | When possible, include hash values in manifest files to help prevent side-loading of malicious libraries.(Citation: FireEye DLL Side-Loading) |
| | T1574.002 | DLL Side-Loading | When possible, include hash values in manifest files to help prevent side-loading of malicious libraries.(Citation: FireEye DLL Side-Loading) |
| Enterprise | T1559 | Inter-Process Communication | Enable the Hardened Runtime capability when developing applications. Do not include the |
| | T1559.003 | XPC Services | Enable the Hardened Runtime capability when developing applications. Do not include the |
| Enterprise | T1647 | Plist File Modification | Ensure applications follow Apple's developer guidance, which enables the hardened runtime.(Citation: Apple Developer Doco Hardened Runtime) |
| Enterprise | T1496.003 | Resource Hijacking: SMS Pumping | Consider implementing CAPTCHA protection on forms that send messages via SMS. |
| Enterprise | T1593 | Search Open Websites/Domains | Application developers uploading to public code repositories should be careful to avoid publishing sensitive information such as credentials and API keys. |
| | T1593.003 | Code Repositories | Application developers uploading to public code repositories should be careful to avoid publishing sensitive information such as credentials and API keys. |
| Enterprise | T1195 | Supply Chain Compromise | Application developers should be cautious when selecting third-party libraries to integrate into their application. Additionally, where possible, developers should lock software dependencies to specific versions rather than pulling the latest version on build.(Citation: Cider Security Top 10 CICD Security Risks) |
| | T1195.001 | Compromise Software Dependencies and Development Tools | Application developers should be cautious when selecting third-party libraries to integrate into their application. Additionally, where possible, developers should lock software dependencies to specific versions rather than pulling the latest version on build.(Citation: Cider Security Top 10 CICD Security Risks) |
| Enterprise | T1550 | Use Alternate Authentication Material | Consider implementing token binding strategies, such as Azure AD token protection or OAuth Proof of Possession, that cryptographically bind a token to a secret. This may prevent the token from being used without knowledge of the secret or possession of the device the token is tied to.(Citation: Microsoft Token Protection 2023)(Citation: Okta DPoP 2023) |
| | T1550.001 | Application Access Token | Consider implementing token binding strategies, such as Azure AD token protection or OAuth Proof of Possession, that cryptographically bind a token to a secret. This may prevent the token from being used without knowledge of the secret or possession of the device the token is tied to.(Citation: Microsoft Token Protection 2023)(Citation: Okta DPoP 2023) |
| Enterprise | T1078 | Valid Accounts | Ensure that applications do not store sensitive data or credentials insecurely (e.g., plaintext credentials in code, published credentials in repositories, or credentials in public cloud storage). |
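The T1212 row above recommends timestamps, sequence numbers, digital signatures and session keys to validate messages. The following example, added here and not part of the ATT&CK page, shows one way these controls combine on the receiving side: an HMAC tag (standing in for a digital signature) over a timestamped, sequence-numbered message under a per-session key, with a receiver that rejects replayed, tampered and stale messages. The message layout, field names and `ReplayGuardedReceiver` class are assumptions for illustration.

```python
import hashlib
import hmac
import json
import secrets
import time

SESSION_KEY = secrets.token_bytes(32)  # constructed demo key; real code negotiates one per session

def _canonical(fields: dict) -> bytes:
    # Deterministic encoding so sender and receiver authenticate identical bytes.
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()

def sign_message(key: bytes, sender: str, seq: int, body: str, now: float) -> dict:
    """Attach a timestamp, a per-sender sequence number and an HMAC-SHA256 tag."""
    msg = {"sender": sender, "seq": seq, "ts": int(now), "body": body}
    msg["tag"] = hmac.new(key, _canonical(msg), hashlib.sha256).hexdigest()
    return msg

class ReplayGuardedReceiver:
    """Accepts a message only if its tag verifies, it is fresh, and its sequence number is new."""
    def __init__(self, key: bytes, max_skew: float = 30.0):
        self.key = key
        self.max_skew = max_skew       # seconds a message stays acceptable
        self.last_seq: dict = {}       # highest sequence number seen per sender

    def accept(self, msg: dict, now: float) -> tuple:
        fields = {k: v for k, v in msg.items() if k != "tag"}
        expected = hmac.new(self.key, _canonical(fields), hashlib.sha256).hexdigest()
        # Constant-time comparison so tag checking does not leak timing information.
        if not hmac.compare_digest(expected, msg.get("tag", "")):
            return False, "bad signature"
        # The timestamp window bounds how long a captured message remains usable.
        if abs(now - msg["ts"]) > self.max_skew:
            return False, "stale timestamp"
        # Sequence numbers must strictly increase per sender, so a replay inside the window still fails.
        if msg["seq"] <= self.last_seq.get(msg["sender"], 0):
            return False, "sequence already used"
        self.last_seq[msg["sender"]] = msg["seq"]
        return True, "ok"

def demo() -> list:
    now = time.time()
    rx = ReplayGuardedReceiver(SESSION_KEY)
    m1 = sign_message(SESSION_KEY, "client-a", 1, "transfer 10", now)
    results = [rx.accept(m1, now)[1]]                                   # fresh delivery: ok
    results.append(rx.accept(m1, now + 1)[1])                           # same message again: sequence already used
    results.append(rx.accept(dict(m1, body="transfer 1000"), now)[1])   # altered body: bad signature
    m2 = sign_message(SESSION_KEY, "client-a", 2, "transfer 5", now)
    results.append(rx.accept(m2, now + 120)[1])                         # delivered late: stale timestamp
    return results
```

The receiver keeps only the last sequence number per sender, so it needs no unbounded nonce store; a real deployment would persist `last_seq` across restarts so a replay cannot slip in after a reboot.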
References
- Apple Inc. (2021, January 1). Hardened Runtime: Manage security protections and resource access for your macOS apps. Retrieved March 24, 2021.
- Daniel Krivelevich and Omer Gil. (n.d.). Top 10 CI/CD Security Risks. Retrieved March 24, 2024.
- Amanda Steward. (2014). FireEye DLL Side-Loading: A Thorn in the Side of the Anti-Virus Industry. Retrieved March 13, 2020.
- Bugcrowd. (n.d.). Replay Attack. Retrieved September 27, 2023.
- Justin Schamotta. (2022, October 28). What is a replay attack? Retrieved September 27, 2023.
- Microsoft. (2023, October 23). Conditional Access: Token protection (preview). Retrieved January 2, 2024.
- Venkat Viswanathan. (2023, June 13). A leap forward in token security: Okta adds support for DPoP. Retrieved January 2, 2024.
- Apple Inc. (2021, February 18). App security overview. Retrieved October 12, 2021.