
The mobile app code must not contain hardcoded references to resources external to the app.


Overview

Finding ID: SRG-APP-000516-MAPP-000064
Version: SRG-APP-000516-MAPP-000064
Rule ID: SRG-APP-000516-MAPP-000064_rule
IA Controls: (none listed)
Severity: Medium
Description
Hardcoded resources include URLs and path references to files outside of the app environment. An adversary who is aware of such references can attack the app by breaching the external resource it calls. In most cases, such references can instead be placed in configuration files, which can be updated when the resource reference is no longer valid. This also makes such references more transparent than they would be if they remained embedded in app code.
STIG: Mobile Application Security Requirements Guide
Date: 2014-07-22

Details

Check Text ( C-SRG-APP-000516-MAPP-000064_chk )
Perform a static program analysis and search the source code for common URL prefixes and suffixes (e.g., "http://", "ftp://", ".mil", ".com"). Also look for common file path references (e.g., /bin). If any such reference points to something other than a local app resource such as a configuration file, this is a finding.
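The following is an added example of the kind of static search the check text describes; it is not part of the STIG or of any app's code. It flags URL schemes, the ".mil"/".com" suffixes and absolute paths such as /bin in source text, skips comment lines, and lets the reviewer allowlist strings that name local app resources; the sample source and the extra path roots (/etc, /usr, /var, /tmp) are constructed assumptions.

```python
import re

# Search patterns taken from the check text: URL prefixes, common domain
# suffixes, and absolute file paths. The path roots beyond /bin are assumed.
URL_SCHEME = re.compile(r"\b(?:https?|ftp)://[^\s\"']+")
TLD_SUFFIX = re.compile(r"\b[\w.-]+\.(?:mil|com)\b")
ABS_PATH = re.compile(r"(?<![\w/])/(?:bin|etc|usr|var|tmp)(?:/[\w.-]+)*")
PATTERNS = (URL_SCHEME, TLD_SUFFIX, ABS_PATH)


def find_hardcoded_references(source: str, allowlist=()):
    """Return (line_no, value) for each hardcoded external reference.

    allowlist: substrings the reviewer has verified to be local app
    resources (e.g. a bundled config file name); matches containing
    them are not reported.
    """
    findings = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        # Commented-out references are not live code; skip them.
        if line.strip().startswith(("//", "#", "*", "/*")):
            continue
        matches = sorted(
            (m.start(), m.end(), m.group(0))
            for pat in PATTERNS for m in pat.finditer(line)
        )
        last_end = -1
        for start, end, value in matches:
            if start < last_end:
                continue  # nested in an earlier match (host inside a URL)
            last_end = end
            if any(ok in value for ok in allowlist):
                continue
            findings.append((line_no, value))
    return findings


# Constructed Java-like sample, not real app code.
SAMPLE_SOURCE = """\
// constructed sample for the scanner
private static final String API = "https://api.example.com/v1/login";
private static final String MIRROR = "ftp://updates.example.mil/pkg";
private static final String LOG_DIR = "/var/log/app";
// old endpoint: http://legacy.example.com (commented out)
Properties p = load("config/app.properties");
"""

if __name__ == "__main__":
    for line_no, value in find_hardcoded_references(SAMPLE_SOURCE):
        print(f"line {line_no}: {value}")
```

Each reported line is then reviewed by hand, since the check only calls a reference a finding when it points outside the app's own resources.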
Fix Text (F-SRG-APP-000516-MAPP-000064_fix)
Remove all hardcoded external resource references from the mobile app code.