
The mobile application code must not contain hardcoded references to resources external to the application.


Overview

Finding ID: V-35746
Version: SRG-APP-999999-MAPP-00064
Rule ID: SV-47033r1_rule
IA Controls:
Severity: Medium
Description
Hardcoded resources include URLs and path references to files outside of the application environment. If an adversary is aware of such references, they can attack the application by breaching the external resource it calls. In most cases, such references may be placed in configuration files that may be updated when the resource reference is no longer valid. This also makes such references more transparent than they would be if they remained embedded in application code.
STIG: Mobile Application Security Requirements Guide
Date: 2013-01-04

Details

Check Text (C-44089r1_chk)
Perform a static program analysis and search the source code for common URL prefixes and suffixes (e.g., "http://", "ftp://", ".mil", ".com"). Also, look for common file path references (e.g., /bin). If any such reference points to something other than a local application resource, such as a configuration file, this is a finding.
Fix Text (F-40290r1_fix)
Remove hardcoded resource references from the application code.
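
The search described in the Check Text can be scripted. The following is an added example, not part of the STIG: the "https" scheme, the path roots other than /bin, the list of source file extensions, and the sample source are assumptions made for illustration.

```python
import re
from pathlib import Path

# Search terms from the Check Text; the extra schemes and path roots are assumptions.
PATTERNS = [
    ("url", re.compile(r"""\b(?:https?|ftp)://[^\s"'<>)]+""", re.I)),
    ("host", re.compile(r"\b[\w-]+(?:\.[\w-]+)*\.(?:mil|com)\b", re.I)),
    ("path", re.compile(r"(?<![\w/.])/(?:bin|etc|usr|var|tmp|sdcard)(?:/[\w.-]+)*")),
]
# Assumption: only these file types count as application code. Configuration
# files (.xml, .plist, .properties, ...) are where references are expected to live.
SOURCE_SUFFIXES = {".java", ".kt", ".m", ".swift", ".c", ".cpp", ".js"}


def scan_text(text):
    """Return (line_no, kind, match) for each hardcoded reference candidate."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in PATTERNS:
            for m in pattern.finditer(line):
                findings.append((line_no, kind, m.group(0)))
            # Blank out what was matched so a URL's host is not reported twice.
            line = pattern.sub(lambda m: " " * len(m.group(0)), line)
    return findings


def scan_tree(root):
    """Scan every source file under root; returns {relative_path: findings}."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in SOURCE_SUFFIXES:
            hits = scan_text(path.read_text(errors="replace"))
            if hits:
                report[str(path.relative_to(root))] = hits
    return report


# Constructed sample source, not taken from any real application.
SAMPLE = '''package com.example.app;
public class Updater {
    String feed = "http://updates.example.mil/feed.xml";
    String host = "files.example.com";
    String shell = "/bin/sh";
    String cfg = loadSetting("update_url");
}
'''

if __name__ == "__main__":
    for line_no, kind, ref in scan_text(SAMPLE):
        print(f"line {line_no}: {kind}: {ref}")
```

Each hit is a candidate for review: a reference that resolves to a local application resource, such as the application's own configuration file, is not a finding.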