Principle 1

Principle 1 by Mind Map: Principle 1

1. Google

1.1. Android Security Best Practices

1.1.1. Ask for credentials before showing sensitive information

1.1.2. Use WebView objects carefully

1.1.3. Store private data within internal storage

1.1.4. Store data in external storage based on use case

1.1.5. Store only non-sensitive data in cache files

1.1.6. Use SharedPreferences in private mode

1.2. App Security Best Practices

1.2.1. Authentication-1

1.2.2. Authentication-2

1.2.3. Authentication-3

1.2.4. Authentication-4

1.2.5. User data-2

1.2.6. WebView-1

1.2.7. WebView-2

1.2.8. WebView-3

1.2.9. Minimize credential exposure-1

1.2.10. Minimize credential exposure-2

1.2.11. Minimize credential exposure-4

1.2.12. Use secure authentication-1

1.2.13. Use secure authentication-2

1.2.14. Use secure authentication-3

1.2.15. Practice secure account management-1

1.2.16. API key management-1

1.2.17. API key management-2

1.2.18. Generation and storage-1

1.2.19. Strong key storage-1

1.2.20. Source control exclusion-1

1.2.21. Environment-specific keys-1

1.2.22. Usage and access control-1

1.2.23. Usage and access control-2

1.2.24. Usage and access control-3

1.2.25. Usage and access control-5

1.2.26. Cryptography-11

1.2.27. Interprocess communication-2

1.2.28. Security with dynamically loaded code-1

1.3. Core App Quality

1.3.1. SC-DF1

1.3.2. SC-DF2

1.3.3. SC-DF3

1.3.4. SC-ID1

1.3.5. SC-ID2

1.3.6. SC-ID3

2. Open Web Application Security Project (OWASP)

2.1. Application Security Verification Standard 5.0.0 (ASVS)

2.1.1. V4.3 GraphQL

2.1.2. V4.4 WebSocket

2.1.3. V6.2 Password Security

2.1.4. V6.3 General Authentication Security

2.1.5. V6.4 Authentication Factor Lifecycle and Recovery

2.1.6. V6.5 General Multi‑factor authentication requirements

2.1.7. V6.6 Out‑of‑Band authentication mechanisms

2.1.8. V6.8 Authentication with an Identity Provider

2.1.9. V7.4 Session Termination

2.1.10. V7.5 Defenses Against Session Abuse

2.1.11. V8.3 Operation Level Authorization

2.1.12. V8.4 Other Authorization Considerations

2.1.13. V9.2 Token content

2.1.14. V10.1 Generic OAuth and OIDC Security

2.1.15. V10.2 OAuth Client

2.1.16. V10.3 OAuth Resource Server

2.1.17. V10.4 OAuth Authorization Server

2.1.18. V10.5 OIDC Client

2.1.19. V10.6 OpenID Provider

2.1.20. V11.4 Hashing and Hash‑based Functions

2.1.21. V11.7 In‑Use Data Cryptography

2.1.22. V13.2 Backend Communication Configuration

2.1.23. V13.3 Secret Management

2.1.24. V13.4 Unintended Information Leakage

2.1.25. V14.2 General Data Protection

2.1.26. V15.2 Security Architecture and Dependencies

2.1.27. V16.2 General Logging

2.1.28. V16.3 Security Events

2.1.29. V16.4 Log Protection

2.2. Mobile Application Security Verification Standard (MASVS)

2.2.1. MASVS-STORAGE-1

2.2.2. MASVS-STORAGE-2

2.2.3. MASVS-AUTH-1

2.2.4. MASVS-AUTH-2

2.2.5. MASVS-AUTH-3

2.2.6. MASVS-NETWORK-2

2.2.7. MASVS-PRIVACY-3

3. Apple

3.1. Apple Developer Security

3.1.1. Authorization and Authentication Password AutoFill Overview

3.1.2. Authorization and Authentication Password AutoFill Enable Password AutoFill

3.1.3. Authorization and Authentication Password AutoFill Support Third-Party Web Services

3.1.4. Authorization and Authentication Password AutoFill Integrate a Password Management App with Password AutoFill

3.1.5. Authorization and Authentication Shared Web Credentials Overview

3.1.6. Authorization and Authentication Authorization Services Overview

3.1.7. Authorization and Authentication Authorization Plug-ins Overview

3.1.8. Authorization and Authentication One-Time Code Overview

3.1.9. Authorization and Authentication Keychain Services Overview

3.1.10. Secure Data Keychain Items Overview

3.1.11. Secure Data Keychains Overview

3.1.12. Secure Data Access Control Lists Overview

3.1.13. Secure Code Notarizing macOS software before distribution Notarize your app automatically as part of the distribution process

3.1.14. Secure Code Notarizing macOS software before distribution Notarize your preexisting software

3.1.15. Secure Code Notarizing macOS software before distribution Add a notarization step to your build scripts

3.1.16. Secure Code Using the latest code signature format Overview

3.1.17. Secure Code Using the latest code signature format Determine whether your app needs a new signature

3.1.18. Launch environmental constraints Defining launch environment and library constraints Overview

3.1.19. Cryptography Complying with Encryption Export Regulations Overview

4. MITRE

4.1. ATT&CK Mobile Application Developer Guidance

4.1.1. T1212 Exploitation for Credential Access

4.1.2. T1564.009 Resource Forking

4.1.3. T1564.012 File/Path Exclusions

4.1.4. T1496.003 Resource Hijacking: SMS Pumping

4.1.5. T1195.001 Compromise Software Dependencies and Development Tools

4.1.6. T1078 Valid Accounts

4.1.7. T1517 Access Notifications

4.1.8. T1513 Screen Capture

5. App Defense Alliance

5.1. Application Security Assessment

5.1.1. Mobile 1.1.1.1 (Android)

5.1.2. Mobile 1.1.2.1 (Android)

5.1.3. Mobile 1.1.2.2 (Android)

5.1.4. Mobile 1.2.1.1 (Android)

5.1.5. Mobile 1.2.1.2 (Android)

5.1.6. Mobile 1.2.1.3 (Android)

5.1.7. Mobile 1.2.2.1 (Android)

5.1.8. Mobile 1.2.2.2 (Android)

5.1.9. Mobile 1.3.1.1 (Android)

5.1.10. Mobile 1.5.1.3 (Android)

5.1.11. Mobile 1.5.2.1 (Android)

5.1.12. Mobile 1.5.2.2 (Android)

5.1.13. Mobile 1.5.3.1 (Android)

5.1.14. Mobile 1.6.3.1 (Android)

5.1.15. Mobile 1.7.2.1 (Android)

5.1.16. Mobile 1.7.3.1 (Android)

5.1.17. Mobile 1.8.1.1 (Android)

5.1.18. Mobile 2.5.1.1 (iOS)

5.1.19. Mobile 2.5.1.2 (iOS)

5.1.20. Mobile 2.5.1.3 (iOS)

5.1.21. Mobile 2.5.1.4 (iOS)

5.1.22. Mobile 2.5.1.5 (iOS)

5.1.23. Mobile 2.5.1.6 (iOS)

5.1.24. Web 1.1.1

5.1.25. Web 1.1.2

5.1.26. Web 1.1.3

5.1.27. Web 1.2.1

5.1.28. Web 1.3.1

5.1.29. Web 1.3.2

5.1.30. Web 1.3.3

5.1.31. Web 1.3.4 (

5.1.32. Web 3.1.6

5.1.33. Web 3.2.1

5.1.34. Web 3.2.2

5.1.35. Web 3.3.1

5.1.36. Web 6.2.1

5.1.37. Web 6.5.1

5.1.38. Web 6.6.1

5.1.39. Web 6.7.1

5.1.40. Cloud 1.3.3

5.1.41. Cloud 1.3.4

5.1.42. Cloud 1.4.1

5.1.43. Cloud 1.5.1

5.1.44. Cloud 1.6.2

5.1.45. Cloud 1.7.1

5.1.46. Cloud 1.8.1

5.1.47. Cloud 1.8.2

5.1.48. Cloud 2.1.1

5.1.49. Cloud 2.4.2

5.1.50. Cloud 2.4.3

5.1.51. Cloud 2.6.1

5.1.52. Cloud 2.7.1

5.1.53. Cloud 2.7.2

5.1.54. Cloud 2.7.3

5.1.55. Cloud 2.7.4

5.1.56. Cloud 2.7.5

5.1.57. Cloud 2.7.6

5.1.58. Cloud 2.8.2

5.1.59. Cloud 2.8.3

5.1.60. Cloud 2.8.4

5.1.61. Cloud 2.9.1

5.1.62. Cloud 2.9.2

5.1.63. Cloud 2.10.1

5.1.64. Cloud 2.10.2

5.1.65. Cloud 2.11.1

5.1.66. Cloud 2.11.3

5.1.67. Cloud 2.11.4

5.1.68. Cloud 2.11.5

5.1.69. Cloud 2.12.1

5.1.70. Cloud 2.13.1

5.1.71. Cloud 2.14.1

5.1.72. Cloud 2.14.2

5.1.73. Cloud 2.14.3

5.1.74. Cloud 2.14.4

5.1.75. Cloud 2.14.5

5.1.76. Cloud 2.14.6

5.1.77. Cloud 2.14.7

5.1.78. Cloud 2.14.8

5.1.79. Cloud 2.15.1

5.1.80. Cloud 2.15.2

5.1.81. Cloud 2.16.1

5.1.82. Cloud 2.17.1

5.1.83. Cloud 2.18.1

5.1.84. Cloud 3.3.1

5.1.85. Cloud 3.5.2

5.1.86. Cloud 3.6.1

5.1.87. Cloud 3.9.1

5.1.88. Cloud 4.2.1

5.1.89. Cloud 4.2.3

5.1.90. Cloud 4.2.4

5.1.91. Cloud 4.2.5

5.1.92. Cloud 4.3.1

5.1.93. Cloud 4.3.2

5.1.94. Cloud 4.3.3

5.1.95. Cloud 4.3.4

5.1.96. Cloud 4.3.5

5.1.97. Cloud 4.3.6

5.1.98. Cloud 4.3.7

5.1.99. Cloud 5.1.1

5.1.100. Cloud 5.2.1

5.1.101. Cloud 5.4.1

5.1.102. Cloud 5.4.2

5.1.103. Cloud 5.5.1

5.1.104. Cloud 5.5.2

5.1.105. Cloud 5.5.3

5.1.106. Cloud 5.6.1

5.1.107. Cloud 5.7.1

5.1.108. Cloud 6.2.1

5.1.109. Cloud 6.4.1

5.1.110. Cloud 6.4.2

5.1.111. Cloud 6.5.1

5.1.112. Cloud 6.5.2

5.1.113. Cloud 6.5.3

5.1.114. Cloud 6.7.1

5.1.115. Cloud 6.8.1

5.1.116. Cloud 6.9.1

5.1.117. Cloud 6.10.1

6. NIAP

6.1. NIAP Protection Profile

6.1.1. FPT_TST.1.2

6.1.2. FPT_TST.1.3

6.1.3. FCS_STO_EXT.1 Storage of Credentials FCS_STO_EXT.1.1

6.1.4. 5.1.2 User Data Protection (FDP) FDP_DAR_EXT.1 Encryption Of Sensitive Application Data FDP_DAR_EXT.1

6.1.5. 5.1.3 Security Management (FMT) FMT_CFG_EXT.1 Secure by Default Configuration FMT_CFG_EXT.1.1

6.1.6. FMT_CFG_EXT.1.2

6.1.7. FMT_MEC_EXT.1 Supported Configuration Mechanism FMT_MEC_EXT.1.1

6.1.8. FPT_API_EXT.1 Use of Supported Services and APIs FPT_API_EXT.1.1

6.1.9. FPT_TUD_EXT.2.3

7. GSMA

7.1. MDSCert

7.1.1. FCS_STG_EXT.1.1

7.1.2. FCS_STG_EXT.1.2

7.1.3. FIA_SAR.1.1

7.1.4. FPT_EAT_EXT.1.1

7.1.5. FPT_EAT_EXT.1.2

7.1.6. ALC_DVS_EXT.1.4C

8. ETSI

8.1. EN 303 645

8.1.1. Principle 5.1-2

8.1.2. Principle 5.1-2A

8.1.3. Principle 5.1-3

8.1.4. Principle 5.1-4

8.1.5. Principle 5.1-5

8.1.6. Principle 5.4-1

8.1.7. Principle 5.4-2

8.1.8. Principle 5.5-8

8.1.9. Principle 5.6-1

8.1.10. Principle 5.6-5

8.1.11. Principle 5.6-6

8.2. EN 319 401

8.2.1. REQ-7.4.1-03

8.2.2. REQ-7.4.1-04

8.2.3. REQ-7.4.1-05

8.2.4. REQ-7.4.1-06

8.2.5. REQ-7.4.1-08

8.2.6. REQ-7.4.1-09

8.2.7. REQ-7.4.1-10

8.2.8. REQ-7.4.1-11

8.2.9. REQ-7.4.1-13

8.2.10. REQ-7.4.1-14

8.2.11. REQ-7.4.2-02

8.2.12. REQ-7.4.2-03

8.2.13. REQ-7.4.2-04

8.2.14. REQ-7.4.3-01

8.2.15. REQ-7.4.3-02

8.2.16. REQ-7.4.4-03

8.2.17. REQ-7.4.4-05

8.2.18. REQ-7.4.5-01

8.2.19. REQ-7.4.5-02 a)

8.2.20. REQ-7.4.5-02 c)

8.2.21. REQ-7.4.5-02 d)

8.2.22. REQ-7.4.5-02 f)

8.2.23. REQ-7.4.5-03

8.2.24. REQ-7.4.5-04

8.2.25. REQ-7.4.6-01

8.2.26. REQ-7.4.6-02

8.2.27. REQ-7.6-01

8.2.28. REQ-7.6-02

8.2.29. REQ-7.7-14

8.2.30. REQ-7.7-15

8.2.31. REQ-7.13-03

8.2.32. REQ-7.13-04

8.3. TS 103 606

8.3.1. 11.3.4 Encrypted application packaging process 11.3.4.5 Application ZIP package signature verification process

8.4. TS 103 732

8.4.1. FAP_RSK.1

8.4.2. FAP_RSK.8

8.4.3. FAP_RSK.10