{
  "description": "Enterprise techniques mitigated by Application Developer Guidance, ATT&CK mitigation M1013 (v1.2)",
  "name": "Application Developer Guidance (M1013)",
  "domain": "enterprise-attack",
  "versions": {"layer": "4.5", "attack": "19", "navigator": "5.3.2"},
  "techniques": [
    {"techniqueID": "T1212", "comment": "Application developers should consider taking measures to validate authentication requests by enabling one-time passwords, providing timestamps or sequence numbers for messages sent, using digital signatures, and/or using random session keys.(Citation: Comparitech Replay Attack)(Citation: Bugcrowd Replay Attack)", "score": 1, "color": "#66b1ff", "showSubtechniques": false},
    {"techniqueID": "T1564", "comment": "Application developers should consider limiting the requirements for custom or otherwise difficult-to-manage file/folder exclusions. Where possible, install applications to trusted system folder paths that are already protected by restricted file and directory permissions.", "score": 1, "color": "#66b1ff", "showSubtechniques": true},
    {"techniqueID": "T1564.009", "comment": "Configure applications to use the application bundle structure, which leverages the /Resources folder location.(Citation: Apple App Security Overview)", "score": 1, "color": "#66b1ff", "showSubtechniques": true},
    {"techniqueID": "T1564.012", "comment": "Application developers should consider limiting the requirements for custom or otherwise difficult-to-manage file/folder exclusions. Where possible, install applications to trusted system folder paths that are already protected by restricted file and directory permissions.", "score": 1, "color": "#66b1ff", "showSubtechniques": true},
    {"techniqueID": "T1574", "comment": "When possible, include hash values in manifest files to help prevent side-loading of malicious libraries.(Citation: FireEye DLL Side-Loading)", "score": 1, "color": "#66b1ff", "showSubtechniques": true},
    {"techniqueID": "T1574.001", "comment": "When possible, include hash values in manifest files to help prevent side-loading of malicious libraries.", "score": 1, "color": "#66b1ff", "showSubtechniques": true},
    {"techniqueID": "T1559", "comment": "Enable the Hardened Runtime capability when developing applications. Do not include the com.apple.security.get-task-allow entitlement with the value set to any variation of true.", "score": 1, "showSubtechniques": true},
    {"techniqueID": "T1559.003", "comment": "Enable the Hardened Runtime capability when developing applications. Do not include the com.apple.security.get-task-allow entitlement with the value set to any variation of true.", "score": 1, "color": "#66b1ff", "showSubtechniques": true},
    {"techniqueID": "T1647", "comment": "Ensure applications are using Apple's developer guidance, which enables the hardened runtime.(Citation: Apple Developer Doco Hardened Runtime)", "score": 1, "color": "#66b1ff", "showSubtechniques": false},
    {"techniqueID": "T1496", "showSubtechniques": true},
    {"techniqueID": "T1496.003", "comment": "Consider implementing CAPTCHA protection on forms that send messages via SMS.", "score": 1, "color": "#66b1ff", "showSubtechniques": true},
    {"techniqueID": "T1593", "comment": "Application developers uploading to public code repositories should be careful to avoid publishing sensitive information such as credentials and API keys.", "score": 1, "showSubtechniques": true},
    {"techniqueID": "T1593.003", "comment": "Application developers uploading to public code repositories should be careful to avoid publishing sensitive information such as credentials and API keys.", "score": 1, "color": "#66b1ff", "showSubtechniques": true},
    {"techniqueID": "T1195", "comment": "Application developers should be cautious when selecting third-party libraries to integrate into their application. Additionally, where possible, developers should lock software dependencies to specific versions rather than pulling the latest version on build.(Citation: Cider Security Top 10 CICD Security Risks)", "score": 1, "color": "#66b1ff", "showSubtechniques": true},
    {"techniqueID": "T1195.001", "comment": "Application developers should be cautious when selecting third-party libraries to integrate into their application. Additionally, where possible, developers should lock software dependencies to specific versions rather than pulling the latest version on build.(Citation: Cider Security Top 10 CICD Security Risks) GitHub Actions may be pinned to a specific commit hash rather than a tag or branch.(Citation: Unit 42 Palo Alto GitHub Actions Supply Chain Attack 2025)", "score": 1, "color": "#66b1ff", "showSubtechniques": true},
    {"techniqueID": "T1550", "comment": "Consider implementing token binding strategies, such as Azure AD token protection or OAuth Proof of Possession, that cryptographically bind a token to a secret. This may prevent the token from being used without knowledge of the secret or possession of the device the token is tied to.(Citation: Microsoft Token Protection 2023)(Citation: Okta DPoP 2023)", "score": 1, "showSubtechniques": true},
    {"techniqueID": "T1550.001", "comment": "Consider implementing token binding strategies, such as Azure AD token protection or OAuth Proof of Possession, that cryptographically bind a token to a secret. This may prevent the token from being used without knowledge of the secret or possession of the device the token is tied to.(Citation: Microsoft Token Protection 2023)(Citation: Okta DPoP 2023)", "score": 1, "color": "#66b1ff", "showSubtechniques": true},
    {"techniqueID": "T1078", "comment": "Ensure that applications do not store sensitive data or credentials insecurely (e.g., plaintext credentials in code, published credentials in repositories, or credentials in public cloud storage).", "score": 1, "color": "#66b1ff", "showSubtechniques": false}
  ],
  "gradient": {"colors": ["#ffffff", "#66b1ff"], "minValue": 0, "maxValue": 1},
  "legendItems": [{"label": "mitigated by Application Developer Guidance", "color": "#66b1ff"}]
}