Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
SRG-APP-000516-MAPP-000073 | SRG-APP-000516-MAPP-000073 | SRG-APP-000516-MAPP-000073_rule | | Medium |
Description |
---|
If the app initialization process is not designed to keep the app in both a secure and functional state, the mobile app could be compromised, providing an attack vector to it. Any operating parameter in the app, such as variables and settings, must be reset and initialized to default values; otherwise, an adversary in possession of the device could access the app with privileges. An app that re-initializes its parameters at startup is assured a more secure session, since the app has initialized all functional components that allow it to operate properly and thus securely. |
STIG | Date |
---|---|
Mobile Application Security Requirements Guide | 2014-07-22 |
Check Text (C-SRG-APP-000516-MAPP-000073_chk) |
---|
Perform a dynamic program analysis to assess whether the app, upon startup, initializes all parameter values the app uses. If the dynamic program analysis identifies any parameter value that is not initialized on startup, this is a finding. |
Fix Text (F-SRG-APP-000516-MAPP-000073_fix) |
---|
Configure or code the mobile app to initialize all parameter values on startup. |