Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
SRG-APP-000516-MAPP-000064 | SRG-APP-000516-MAPP-000064 | SRG-APP-000516-MAPP-000064_rule | | Medium |
Description |
---|
Hardcoded resources include URLs and path references to files outside of the app environment. An adversary who is aware of such references can attack the app by breaching the external resource it calls. In most cases, such references may be placed in configuration files that may be updated when the resource reference is no longer valid. This also makes such references more transparent than they would be if they remained embedded in app code. |
STIG | Date |
---|---|
Mobile Application Security Requirements Guide | 2014-07-22 |
Check Text ( C-SRG-APP-000516-MAPP-000064_chk ) |
---|
Perform a static program analysis and search the source code for common URL prefixes and suffixes (e.g., "http://", "ftp://", ".mil", ".com"). Also, look for common file path references (e.g., /bin). If any such reference points to something other than a local app resource, such as a configuration file, this is a finding. |
Fix Text (F-SRG-APP-000516-MAPP-000064_fix) |
---|
Remove all hardcoded external resource references from the mobile app code. |
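
One way to run the search described in the Check Text, as an added example that is not part of the SRG: it scans string literals in source code for URL prefixes, `.mil`/`.com` host names and absolute file paths. The path regex, the `allowed` prefix list for local app resources, and the sample source are assumptions constructed for illustration.

```python
import re

# URL prefixes and domain suffixes come from the check text;
# the absolute-path pattern is this example's own assumption.
URL = re.compile(r"\b(?:https?|ftp)://[^\s\"']+", re.I)
HOST = re.compile(r"\b(?:[\w-]+\.)+(?:mil|com)\b", re.I)
PATH = re.compile(r"(?:^|\s)(/[\w.-]+(?:/[\w.-]+)*)")
LITERAL = re.compile(r'"((?:[^"\\]|\\.)*)"')  # double-quoted string literals

def scan_source(text, allowed=()):
    """Return (line_no, kind, value) for each hardcoded reference found
    inside a string literal. Literals starting with a prefix in `allowed`
    are treated as local app resources and skipped."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for literal in LITERAL.findall(line):
            if any(literal.startswith(p) for p in allowed):
                continue
            rest = literal
            # Blank out each match so a URL's host or path is not reported twice.
            for kind, rx in (("url", URL), ("host", HOST)):
                findings += [(line_no, kind, m) for m in rx.findall(rest)]
                rest = rx.sub(" ", rest)
            findings += [(line_no, "path", m) for m in PATH.findall(rest)]
    return findings

# Constructed sample source (hypothetical app code, not from the SRG).
SAMPLE = '''\
import com.example.app.Config;
String api = "https://updates.example.com/v1/manifest";
String host = "portal.example.mil";
Process p = Runtime.getRuntime().exec("/bin/ls -l");
String db = "/data/data/com.example.app/files/cache.db";
String endpoint = Config.get("update_url");
'''

if __name__ == "__main__":
    # Hypothetical allowlist: the app's own sandbox directory.
    for hit in scan_source(SAMPLE, allowed=("/data/data/com.example.app/",)):
        print("line %d: %s reference %r" % hit)
```

Each hit is a candidate for review, not an automatic finding: the reviewer still decides whether the reference points outside the app environment.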