Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-35396 | SRG-APP-000144-MAPP-00033 | SV-46683r1_rule | | Medium |
Description |
---|
Transaction-based systems must have transaction rollback and transaction journaling, or technical equivalents, implemented to ensure the system can recover from an attack or faulty transaction data. A transaction-based application that has just recovered from an attack or has crashed due to erroneous transaction data is vulnerable to a denial-of-service attack. This control mitigates the risk of denial-of-service attacks following recovery from an application crash or unexpected termination. |
STIG | Date |
---|---|
Mobile Application Security Requirements Guide | 2013-01-04 |
Check Text (C-43752r1_chk) |
---|
For mobile applications that are transaction-based, review the application's documentation to determine whether the application uses an on-board database, such as SQLite, Oracle9i Lite, or JDataStore. Review the documentation to determine whether the on-board database supports journaling and rollback. If the application's database does not support journaling or rollback, or the application is unable to provide the same, this is a finding. |
Fix Text (F-39941r1_fix) |
---|
Implement rollback and journaling features in the application or incorporate products with rollback and journaling features. |
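
The following Python example is added here and is not part of the SRG. It assumes SQLite as the on-board database, a constructed `account` table, and hypothetical function names. It checks that a durable journal mode is active and shows a faulty transaction being rolled back so the stored state stays consistent.

```python
import os
import sqlite3
import tempfile

# Modes in which SQLite keeps a rollback journal or write-ahead log on disk.
# "off" makes ROLLBACK undefined; "memory" loses the journal if the app crashes.
DURABLE_MODES = {"delete", "truncate", "persist", "wal"}


def open_store(path):
    """Open the on-board database (assumed layout) with journaling enabled."""
    conn = sqlite3.connect(path, isolation_level=None)  # explicit BEGIN/COMMIT
    conn.execute("PRAGMA journal_mode=WAL")
    conn.execute(
        "CREATE TABLE IF NOT EXISTS account ("
        "id INTEGER PRIMARY KEY, balance INTEGER NOT NULL CHECK (balance >= 0))"
    )
    return conn


def journaling_ok(conn):
    """True when the active journal mode survives a crash and supports rollback."""
    mode = conn.execute("PRAGMA journal_mode").fetchone()[0]
    return mode.lower() in DURABLE_MODES


def transfer(conn, src, dst, amount):
    """Apply one transaction atomically; roll back and return False on bad data."""
    conn.execute("BEGIN IMMEDIATE")
    try:
        conn.execute("UPDATE account SET balance = balance + ? WHERE id = ?", (amount, dst))
        conn.execute("UPDATE account SET balance = balance - ? WHERE id = ?", (amount, src))
        conn.execute("COMMIT")
        return True
    except sqlite3.Error:
        conn.execute("ROLLBACK")  # undoes the credit that already succeeded
        return False


def demo():
    with tempfile.TemporaryDirectory() as d:
        conn = open_store(os.path.join(d, "app.db"))
        conn.executemany("INSERT INTO account VALUES (?, ?)", [(1, 100), (2, 50)])  # constructed data
        ok = transfer(conn, 1, 2, 30)
        bad = transfer(conn, 1, 2, 500)  # overdraw: CHECK fails after the credit
        state = dict(conn.execute("SELECT id, balance FROM account ORDER BY id"))
        ready = journaling_ok(conn)
        conn.close()
        return ready, ok, bad, state
```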