Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-35746 | SRG-APP-999999-MAPP-00064 | SV-47033r1_rule | | Medium |
Description |
---|
Hardcoded resources include URLs and path references to files outside of the application environment. If an adversary is aware of such references, they can attack the application by breaching the external resource it calls. In most cases, such references may be placed in configuration files that may be updated when the resource reference is no longer valid. This also makes such references more transparent than they would be if they remained embedded in application code. |
STIG | Date |
---|---|
Mobile Application Security Requirements Guide | 2013-01-04 |
Check Text (C-44089r1_chk) |
---|
Perform a static program analysis and search the source code for common URL prefixes and suffixes (e.g., "http://", "ftp://", ".mil", ".com"). Also, look for common file path references (e.g., /bin). If any such reference points to something other than a local application resource such as a configuration file, this is a finding. |
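
One way to carry out the search described in the check text, shown as an added example that is not part of the STIG. It scans double-quoted string literals for the prefixes and suffixes the check names; the `https` scheme, the path prefixes other than `/bin`, the `allowlist` parameter, and the sample source are assumptions constructed for illustration.

```python
import re

# Double-quoted string literals with backslash escapes, as in Java/C-family sources.
STRING_LITERAL = re.compile(r'"((?:[^"\\]|\\.)*)"')

# "http://", "ftp://", ".mil", ".com" and /bin come from the check text.
# "https" and the path prefixes other than /bin are assumptions added here.
PATTERNS = [
    ("url", re.compile(r'\b(?:https?|ftp)://[^\s"]+', re.I)),
    ("hostname", re.compile(r'\b[\w.-]+\.(?:mil|com)\b', re.I)),
    ("path", re.compile(r'^/(?:bin|etc|usr|tmp|var)(?:/|$)')),
]

def find_hardcoded_refs(source, allowlist=()):
    """Return (line_no, kind, literal) for each string literal that
    looks like a reference to a resource outside the application."""
    findings = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        for match in STRING_LITERAL.finditer(line):
            literal = match.group(1)
            if literal in allowlist:  # literals a reviewer has already accepted
                continue
            for kind, pattern in PATTERNS:
                if pattern.search(literal):
                    findings.append((line_no, kind, literal))
                    break  # report each literal once, under the first matching kind
    return findings

# Constructed sample input: not taken from any real application.
SAMPLE = '''\
public class Sync {
    String endpoint = "http://updates.example.com/feed";
    String shell = "/bin/sh";
    String host = "portal.example.mil";
    String cfg = "config/app.properties";
    String label = "Welcome";
}
'''

if __name__ == "__main__":
    for line_no, kind, literal in find_hardcoded_refs(SAMPLE):
        print(f"line {line_no}: {kind}: {literal}")
```

Each hit still needs manual review against the check's exception for local application resources; the relative path `config/app.properties` in the sample is not flagged because it matches none of the patterns.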
Fix Text (F-40290r1_fix) |
---|
Remove hardcoded resource references from the application code. |