App/Code Hardening - 2026

App/Code Hardening - 2026 by Mind Map: App/Code Hardening - 2026

1. MITRE

1.1. ATT&CK Mobile Application Developer Guidance

1.1.1. Preventing SQL Injection (Secure Coding Practice)

1.1.2. Cross-Site Scripting (XSS) Mitigation

1.1.3. Static Code Analysis in the Build Pipeline

1.1.4. T1559.003 XPC Services

1.1.5. T1647 Plist File Modification

1.1.6. T1593.003 Code Repositories

1.1.7. T1635.001 URI Hijacking

2. App Defence Alliance

2.1. Application Security Assessment

2.1.1. Mobile 1.5.1.1

2.1.2. Mobile 1.5.1.2

2.1.3. Mobile 1.5.1.4

2.1.4. Mobile 1.5.3.1

2.1.5. Mobile 1.6.3.1

2.1.6. Mobile 1.6.3.2

2.1.7. Mobile 1.6.3.3

2.1.8. Mobile 1.6.3.4

2.1.9. Web 2.1.1

2.1.10. Web 3.1.2

2.1.11. Web 3.1.3

2.1.12. Web 3.1.4

2.1.13. Web 5.1.1

2.1.14. Web 5.1.3

2.1.15. Web 5.1.4

2.1.16. Web 5.1.5

2.1.17. Web 5.1.6

2.1.18. Web 5.1.7

2.1.19. Web 5.1.8

2.1.20. Web 5.1.9

2.1.21. Web 5.1.10

2.1.22. Web 5.2.1

2.1.23. Web 6.3.1

2.1.24. Cloud 2.8.1

3. Open Web Application Security Project (OWASP)

3.1. Mobile Application Security Verification Standard (MASVS)

3.1.1. MASVS-PLATFORM-3

3.1.2. MASVS-CODE-4

3.2. Application Security Verification Standard 5.0.0 (ASVS)

3.2.1. V1.1 Encoding and Sanitization Architecture

3.2.2. V1.2 Injection Prevention

3.2.3. V1.3 Sanitization

3.2.4. V1.4 Memory, String, and Unmanaged Code

3.2.5. V1.5 Safe Deserialization

3.2.6. V2.1 Validation and Business Logic Documentation

3.2.7. V2.2 Input Validation

3.2.8. V2.3 Business Logic Security

3.2.9. V2.4 Anti‑automation

3.2.10. V3.2 Unintended Content Interpretation

3.2.11. V3.3 Cookie Setup

3.2.12. V4.2 HTTP Message Structure Validation

3.2.13. V5.2 File Upload and Content

3.2.14. V5.3 File Storage

3.2.15. V5.4 File Download

3.2.16. V8.3 Operation Level Authorization

3.2.17. V8.4 Other Authorization Considerations

3.2.18. V9.1 Token source and integrity

3.2.19. V10.2 OAuth Client

3.2.20. V10.5 OIDC Client

3.2.21. V13.1 Configuration Documentation

3.2.22. V13.4 Unintended Information Leakage

3.2.23. V14.2 General Data Protection

3.2.24. V15.1 Secure Coding and Architecture Documentation

3.2.25. V15.2 Security Architecture and Dependencies

3.2.26. V15.3 Defensive Coding

3.2.27. V15.4 Safe Concurrency

3.2.28. V16.2 General Logging

3.2.29. V16.3 Security Events

3.2.30. V16.4 Log Protection

3.2.31. V16.5 Error Handling

3.2.32. V17.2 Media

3.2.33. V17.3 Signaling

4. ETSI

4.1. EN 303 645

4.1.1. Provision 5.6-8

4.1.2. Provision 5.6-9

4.1.3. Provision 5.7-2

4.1.4. Provision 5.10-1

4.1.5. Provision 5.13-1A

4.1.6. Provision 5.13-1B

4.2. TS 103 732

4.2.1. FAP_RSK.7

4.2.2. FAP_RSK.7.1

5. Apple

5.1. Apple Developer Security

5.1.1. Secure Code Code Signing Services Overview

5.1.2. Secure Code Notarizing macOS software before distribution Overview

5.1.3. Secure Code Notarizing macOS software before distribution Prepare your software for notarization

5.1.4. Secure Code Notarizing macOS software before distribution Notarize plug-ins

5.1.5. Secure Code Notarizing macOS software before distribution Add the entitlements needed by plug-ins

5.1.6. Secure Code Notarizing macOS software before distribution Notarize your app automatically as part of the distribution process

5.1.7. Secure Code Notarizing macOS software before distribution Notarize your preexisting software

5.1.8. Secure Code Notarizing macOS software before distribution Add a notarization step to your build scripts

5.1.9. Secure Code Preparing your app to work with pointer authentication Overview

5.1.10. Secure Code Preparing your app to work with pointer authentication Build an arm64e binary to adopt pointer authentication

5.1.11. Secure Code Preparing your app to work with pointer authentication Recognize pointer authentication failures

5.1.12. Secure Code Preparing your app to work with pointer authentication Update your code to avoid pointer authentication failures

5.1.13. Secure Code Protecting user data with App Sandbox Overview

5.1.14. Secure Code Hardened Runtime Overview

5.1.15. Secure Code Disabling and Enabling System Integrity Protection Overview

5.1.16. Secure Code Disabling and Enabling System Integrity Protection Disable System Integrity Protection Temporarily

5.1.17. Secure Code Disabling and Enabling System Integrity Protection Enable System Integrity Protection

5.1.18. Secure Code Updating Mac Software Update Files that Include Signed Code

5.1.19. Secure Code Updating Mac Software Check Third-Party Software Updaters

5.1.20. Result Codes Security Framework Result Codes Discussion

6. Google

6.1. Core App Quality

6.1.1. PS-T6

6.1.2. SC-AC1

6.1.3. SC-W1

6.1.4. SC-W1

6.1.5. SC-E1

6.2. Android Security Best Practices

6.2.1. Check availability of storage volume

6.2.2. Check validity of data

6.3. App Security Best Practices

6.3.1. External storage-2

6.3.2. Content providers-5

6.3.3. Content providers-6

6.3.4. Input validation-1

6.3.5. Input validation-2

6.3.6. Input validation-3

6.3.7. Input validation-4

6.3.8. Input validation-5

6.3.9. WebView-4

6.3.10. Minimize credential exposure-5

6.3.11. Practice secure account management-2

6.3.12. Practice secure account management-3

6.3.13. Stay vigilant-3

6.3.14. General best practices-2

6.3.15. General best practices-3

6.3.16. General best practices-4

6.3.17. Interprocess communication-1

6.3.18. Intents-2

6.3.19. Intents-3

6.3.20. Intents-5

6.3.21. Services-1

6.3.22. Services-3

6.3.23. Security in native code-1

6.3.24. Security in native code-2

7. NIAP

7.1. NIAP Profile Protection

7.1.1. FPT_FLS.1.1

7.1.2. FPT_TST.1.1

7.1.3. 5.1.5 Protection of the TSF (FPT) FPT_AEX_EXT.1 Anti-Exploitation Capabilities FPT_AEX_EXT.1.1

7.1.4. FPT_AEX_EXT.1.2

7.1.5. FPT_AEX_EXT.1.3

7.1.6. FPT_AEX_EXT.1.4

7.1.7. FPT_AEX_EXT.1.5

7.1.8. FPT_API_EXT.2.1