
The mobile application must initialize all parameter values on start up.


Overview

Finding ID: V-35754
Version: SRG-APP-999999-MAPP-00073
Rule ID: SV-47041r1_rule
IA Controls:
Severity: Medium
Description
If the application initialization process is not designed to keep the application in both a secure and functional state, the application could be compromised, providing an attack vector. Any operating parameter in the application, such as variables and settings, must be reset and initialized to default values; otherwise, an adversary in possession of the device could access the application with privileges. An application that re-initializes its parameters at startup is assured a more secure session, since it has initialized all functional components that allow it to operate properly and thus securely.
STIG Date
Mobile Application Security Requirements Guide 2013-01-04

Details

Check Text (C-44098r1_chk)
Perform a dynamic program analysis to assess whether the application, upon startup, initializes all parameter values the application uses. If the dynamic program analysis identifies any parameter value that is not initialized on startup, this is a finding.
Fix Text (F-40299r1_fix)
Modify code to ensure that, upon starting, the application initializes all parameter values.