Attack Surface Reduction

Get Started. It's Free
or sign up with your email address
Attack Surface Reduction by Mind Map: Attack Surface Reduction

1. Open Web Application Security Project (OWASP)

1.1. Mobile Application Security Verification Standard (MASVS)

1.1.1. 2.8 MSTG-STORAGE-8

1.1.2. 2.9 MSTG-STORAGE-9

1.1.3. 2.10 MSTG-STORAGE-10

1.1.4. 6.5 MSTG-PLATFORM-5

1.1.5. 6.6 MSTG-PLATFORM-6

1.1.6. 7.3 MSTG-CODE-3

1.1.7. 8.1 MSTG-RESILIENCE-1

1.1.8. 8.11 MSTG-RESILIENCE-11

1.1.9. 8.12 MSTG-RESILIENCE-12

1.2. Application Security Verification Standard 4.0.3 (ASVS)

1.2.1. V1.2 Authentication Architecture

1.2.2. V1.6 Cryptographic Architecture

1.2.3. V1.14 Configuration Architecture

1.2.4. V4.1 General Access Control Design

1.2.5. V4.3 Other Access Control Considerations

1.2.6. V7.1 Log Content

1.2.7. V7.2 Log Processing

1.2.8. V7.3 Log Protection

1.2.9. V8.1 General Data Protection

1.2.10. V10.2 Malicious Code Search

1.2.11. V14.1 Build and Deploy

1.2.12. V14.2 Dependency

2. GOOGLE

2.1. Core app quality

2.1.1. SC-DF3

2.2. App Security Best Practices

2.2.1. Enforce secure communication Use WebView objects carefully

3. MITRE

3.1. Application Developer Guidance

3.1.1. T1574 Hijack Execution Flow

3.1.2. T1574.002 DLL Side-Loading

3.1.3. T1559 Inter-Process Communication

3.1.4. T1559.003 XPC Services

3.1.5. T1647 Plist File Modification

3.1.6. T1513 Screen Capture

4. ioXt Alliance

4.1. Mobile Application Profile

4.1.1. 4.4. No Universal Password UP106

4.1.2. 4.5. Verified Software VS4

4.1.3. 4.6. Security by Default SD111

4.1.4. 4.7. Secured Interfaces SI1.1

4.1.5. 4.7. Secured Interfaces SI1.2

4.1.6. 4.7. Secured Interfaces SI1.3

4.1.7. 4.7. Secured Interfaces SI1.4

4.1.8. 4.7. Secured Interfaces SI2.1

4.1.9. 4.7. Secured Interfaces SI2.2

4.1.10. 4.7. Secured Interfaces SI2.3

4.1.11. 4.7. Secured Interfaces SI102

4.1.12. 4.7. Secured Interfaces SI103

5. National Information Assurance Partnership (NIAP)

5.1. Requirements for Vetting Mobile Apps from the Protection Profile for Application Software

5.1.1. Access to Platform Resources FDP_DEC_EXT.1.1

5.1.2. Supported Configuration Mechanism FMT_MEC_EXT.1.1

5.1.3. Anti-Exploitation Capabilities FPT_AEX_EXT.1.1

5.1.4. Anti-Exploitation Capabilities FPT_AEX_EXT.1.4

5.1.5. Integrity for Installation and Update FPT_TUD_EXT.1.2

5.1.6. Use of Third Party Libraries FPT_LIB_EXT.1.1

6. US National Institute of Standards and Technology (NIST)

6.1. NIST Special Publication 800-190

6.1.1. 4.1.2 Image configuration defects

6.1.2. 4.1.5 Use of untrusted images

6.1.3. 4.2.2 Stale images in registries

6.1.4. 4.3.1 Unbounded administrative access

6.1.5. 4.3.4 Mixing of workload sensitivity levels

6.1.6. 4.4.3 Insecure container runtime configurations

6.1.7. 4.5.1 Large attack surface

6.1.8. 4.5.2 Shared kernel

6.1.9. 6.3 Implementation Phase

7. UK National Cyber Security Centre (NCSC)

7.1. Application development Recommendations

7.1.1. Third party applications

7.1.2. 3.2 In-house applications SECURITY CONSIDERATIONS

7.1.3. Secure iOS application development 1.3 Secure application development recommendations Pasteboard and debugging data

7.1.4. Secure deployment of iOS applications 3.2 In-house applications Security considerations

7.1.5. Secure deployment of Windows application 3.2 In-house Windows store applications

7.1.6. Secure deployment of Windows application 3.3 General security advice Unmanaged deployment