Skip to content

M1013 Application Developer Guidance

This mitigation describes any guidance or training given to developers of applications to avoid introducing security weaknesses that an adversary may be able to take advantage of.

Item Value
ID M1013
Version 1.0
Created 25 October 2017
Last Modified 17 October 2018
Navigation Layer View In ATT&CK® Navigator

Techniques Addressed by Mitigation

Domain ID Name Use
enterprise T1564 Hide Artifacts -
enterprise T1564.009 Resource Forking Configure applications to use the application bundle structure which leverages the /Resources folder location.3
enterprise T1574 Hijack Execution Flow When possible, include hash values in manifest files to help prevent side-loading of malicious libraries.1
enterprise T1574.002 DLL Side-Loading When possible, include hash values in manifest files to help prevent side-loading of malicious libraries.1
enterprise T1559 Inter-Process Communication Enable the Hardened Runtime capability when developing applications. Do not include the com.apple.security.get-task-allow entitlement with the value set to any variation of true.
enterprise T1559.003 XPC Services Enable the Hardened Runtime capability when developing applications. Do not include the com.apple.security.get-task-allow entitlement with the value set to any variation of true.
enterprise T1647 Plist File Modification Ensure applications are using Apple’s developer guidance which enables hardened runtime.2
enterprise T1078 Valid Accounts Ensure that applications do not store sensitive data or credentials insecurely. (e.g. plaintext credentials in code, published credentials in repositories, or credentials in public cloud storage).
mobile T1517 Access Notifications Application developers could be encouraged to avoid placing sensitive data in notification text.
mobile T1413 Access Sensitive Data in Device Logs Application developers should be discouraged from writing sensitive data to the system log in production apps.
mobile T1513 Screen Capture Application developers can apply FLAG_SECURE to sensitive screens within their apps to make it more difficult for the screen contents to be captured.4
mobile T1416 URI Hijacking Developers should use Android App Links5 and iOS Universal Links6 to provide a secure binding between URIs and applications, preventing malicious applications from intercepting redirections. Additionally, for OAuth use cases, PKCE7 should be used to prevent use of stolen authorization codes.

References

Back to top