App/Code Hardening


1. Open Web Application Security Project (OWASP)

1.1. Mobile Application Security Verification Standard (MASVS)

1.1.1. 7.2 MSTG-CODE-2

1.1.2. 7.4 MSTG-CODE-4

1.1.3. 7.6 MSTG-CODE-6

1.1.4. 7.7 MSTG-CODE-7

1.1.5. 7.8 MSTG-CODE-8

1.1.6. 7.9 MSTG-CODE-9

1.1.7. 8.2 MSTG-RESILIENCE-2

1.1.8. 8.3 MSTG-RESILIENCE-3

1.1.9. 8.4 MSTG-RESILIENCE-4

1.1.10. 8.5 MSTG-RESILIENCE-5

1.1.11. 8.6 MSTG-RESILIENCE-6

1.1.12. 8.7 MSTG-RESILIENCE-7

1.1.13. 8.8 MSTG-RESILIENCE-8

1.1.14. 8.9 MSTG-RESILIENCE-9

1.1.15. 8.10 MSTG-RESILIENCE-10

1.2. Application Security Verification Standard 4.0.3 (ASVS)

1.2.1. V1.1 Secure Software Development Lifecycle

1.2.2. V1.5 Input and Output Architecture

1.2.3. V1.11 Business Logic Architecture

1.2.4. V1.14 Configuration Architecture

1.2.5. V4.1 General Access Control Design

1.2.6. V4.2 Operation Level Access Control

1.2.7. V5.1 Input Validation

1.2.8. V5.2 Sanitization and Sandboxing

1.2.9. V5.3 Output Encoding and Injection Prevention

1.2.10. V5.4 Memory, String, and Unmanaged Code

1.2.11. V5.5 Deserialization Prevention

1.2.12. V6.2 Algorithms

1.2.13. V7.4 Error Handling

1.2.14. V10.2 Malicious Code Search

1.2.15. V10.3 Application Integrity

1.2.16. V11.1 Business Logic Security

1.2.17. V12.1 File Upload

1.2.18. V12.3 File Execution

1.2.19. V12.4 File Storage

1.2.20. V13.1 Generic Web Service Security

1.2.21. V14.1 Build and Deploy

1.2.22. V14.3 Unintended Security Disclosure

2. National Information Assurance Partnership (NIAP)

2.1. Requirements for Vetting Mobile Apps from the Protection Profile for Application Software

2.1.1. Anti-Exploitation Capabilities FPT_AEX_EXT.1.3

2.1.2. Anti-Exploitation Capabilities FPT_AEX_EXT.1.5

2.1.3. Integrity for Installation and Update FPT_TUD_EXT.1.3

2.1.4. Integrity for Installation and Update FPT_TUD_EXT.1.4

2.1.5. Security Assurance Requirements ALC_CMC.1.1C

2.1.6. Use of Supported Services and APIs FPT_API_EXT.2.1

2.1.7. Software Identification and Versions FPT_IDV_EXT.1.1

3. UK National Cyber Security Centre (NCSC)

3.1. Application development Recommendations

3.1.1. Application hardening Stack protection

3.1.2. Application hardening Code obfuscation

3.1.3. Application hardening Jailbreak and root detection

3.1.4. Android application development 1.3 Secure application development Application security

3.1.5. Android application development 1.3 Secure application development Security recommendations

3.1.6. Apple iOS application development

3.1.7. Secure iOS application development 1.3 Secure application development recommendations Secure data transmission

3.1.8. Secure iOS application development 1.3 Secure application development recommendations Application security

3.1.9. Secure iOS application development 1.3 Secure application development recommendations Client side security

3.1.10. Secure Windows application development 1.7 Application security

4. MITRE

4.1. Application Developer Guidance

4.1.1. T1564.009 Hide Artifacts: Resource Forking

4.1.2. T1517 Access Notifications

4.1.3. T1635 Steal Application Access Token

4.1.4. T1635.001 URI Hijacking

4.1.5. T1474 Supply Chain Compromise

4.1.6. T1474.001 Compromise Software Dependencies and Development Tools

5. ioXt Alliance

5.1. Mobile Application Profile

5.1.1. 4.5. Verified Software VS2

5.1.2. 4.6. Security by Default SD114

6. US National Institute of Standards and Technology (NIST)

6.1. NIST Special Publication 800-190

6.1.1. 4.6 Hardware Countermeasures

7. GOOGLE

7.1. Developer Security

7.1.1. Secure Code Code Signing Services Overview

7.1.2. Secure Code Notarizing macOS software before distribution Overview

7.1.3. Secure Code Notarizing macOS software before distribution Prepare your software for notarization

7.1.4. Secure Code Notarizing macOS software before distribution Notarize Plug-ins

7.1.5. Secure Code Notarizing macOS software before distribution Add the entitlements needed by plug-ins

7.1.6. Secure Code Notarizing macOS software before distribution Notarize your app automatically as part of the distribution process

7.1.7. Secure Code Notarizing macOS software before distribution Notarize your preexisting software

7.1.8. Secure Code Notarizing macOS software before distribution Add a notarization step to your build scripts

7.1.9. Secure Code Preparing Your App to Work with Pointer Authentication Overview

7.1.10. Secure Code Preparing Your App to Work with Pointer Authentication Build an arm64e Binary to Adopt Pointer Authentication

7.1.11. Secure Code Preparing Your App to Work with Pointer Authentication Recognize Pointer Authentication Failures

7.1.12. Secure Code Preparing Your App to Work with Pointer Authentication Update Your Code to Avoid Pointer Authentication Failures

7.1.13. Secure Code App Sandbox Overview

7.1.14. Secure Code Hardened Runtime Overview

7.1.15. Secure Code Disabling and Enabling System Integrity Protection Overview

7.1.16. Secure Code Disabling and Enabling System Integrity Protection Disable System Integrity Protection Temporarily

7.1.17. Secure Code Disabling and Enabling System Integrity Protection Enable System Integrity Protection

7.1.18. Results Code Security Framework Results Code Overview

8. GOOGLE

8.1. Core app quality

8.1.1. PS-T6

8.1.2. SC-AC1

8.1.3. SC-W1

8.1.4. SC-W1

8.1.5. SC-E1