
MITRE ATT&CK®


Summary

MITRE ATT&CK® is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations, and it is used by the cybersecurity product and service community. This mitigation describes any guidance or training given to developers of applications to avoid introducing security weaknesses that an adversary may be able to take advantage of.

Definitions

Definition (MITRE ATT&CK mitigation) / Requirements

M1013. Application developer guidance
  154. Eliminate backdoors
  155. Application free of malicious code
  156. Source code without sensitive information
  157. Use the strict mode
  158. Use a secure programming language
  159. Obfuscate code
  160. Encode system outputs
  161. Define secure default options
  162. Avoid duplicate code
  164. Use optimized structures
  167. Close unused resources
  168. Initialize variables explicitly
  169. Use parameterized queries
  171. Remove commented-out code
  172. Encrypt connection strings
  173. Discard unsafe inputs
  175. Protect pages from clickjacking
  323. Exclude unverifiable files
  337. Make critical logic flows thread safe
  344. Avoid dynamic code execution
  345. Establish protections against overflows
  379. Keep low McCabe cyclomatic complexity

M1015. Active directory configuration
  062. Define standard configurations

M1016. Vulnerability scanning
  041. Scan files for malicious code
  062. Define standard configurations
  154. Eliminate backdoors
  155. Application free of malicious code

M1018. User account management
  025. Manage concurrent sessions
  034. Manage user accounts
  096. Set user's required privileges

M1020. SSL/TLS inspection
  336. Disable insecure TLS versions

M1021. Restrict web-based content
  029. Cookies with security attributes
  118. Inspect attachments
  175. Protect pages from clickjacking
  258. Filter website content
  349. Include HTTP security headers

M1022. Restrict file and directory permissions
  176. Restrict system objects
  280. Restrict service root directory

M1024. Restrict registry permissions
  035. Manage privilege modifications
  062. Define standard configurations
  095. Define users with privileges
  096. Set user's required privileges

M1025. Privileged process integrity
  046. Manage the integrity of critical files
  224. Use secure cryptographic mechanisms
  231. Implement a biometric verification component
  232. Require equipment identity
  265. Restrict access to critical processes
  328. Request MFA for critical systems
  337. Make critical logic flows thread safe

M1026. Privileged account management
  025. Manage concurrent sessions
  033. Restrict administrative access
  034. Manage user accounts
  035. Manage privilege modifications
  095. Define users with privileges
  096. Set user's required privileges

M1027. Password policies
  126. Set a password regeneration mechanism
  127. Store hashed passwords
  129. Validate previous passwords
  130. Limit password lifespan
  131. Deny multiple password changing attempts
  133. Passwords with at least 20 characters
  136. Force temporary password change
  137. Change temporary passwords of third parties
  138. Define lifespan for temporary passwords
  332. Prevent the use of breached passwords
  367. Proper generation of temporary passwords
  380. Define a password management tool

M1028. Operating system configuration
  062. Define standard configurations

M1029. Remote data storage and log
  075. Record exceptional events in logs
  083. Avoid logging sensitive data
  085. Allow session history queries
  176. Restrict system objects
  213. Allow geographic location
  350. Enable memory protection mechanisms

M1030. Network segmentation
  033. Restrict administrative access
  259. Segment the organization network

M1031. Network intrusion prevention
  033. Restrict administrative access
  247. Hide SSID on private networks
  249. Locate access points
  251. Change access point IP
  255. Allow access only to the necessary ports

M1032. Multi-factor authentication
  229. Request access credentials
  328. Request MFA for critical systems
  362. Assign MFA mechanisms to a single account

M1033. Limit software installation
  354. Prevent firmware downgrades

M1034. Limit hardware installation
  221. Disconnect unnecessary input devices
  326. Detect rooted devices
  350. Enable memory protection mechanisms

M1035. Limit access to resource over network
  033. Restrict administrative access
  167. Close unused resources
  320. Avoid client-side control enforcement
  330. Verify Subresource Integrity

M1036. Account use policies
  027. Allow session lockout
  130. Limit password lifespan
  131. Deny multiple password changing attempts
  138. Define lifespan for temporary passwords
  141. Force re-authentication
  210. Delete information from mobile devices
  226. Avoid account lockouts
  227. Display access notification
  305. Prioritize token usage

M1037. Filter network traffic
  115. Filter malicious emails
  173. Discard unsafe inputs
  258. Filter website content

M1038. Execution prevention
  344. Avoid dynamic code execution
  352. Enable trusted execution

M1039. Environment variable permissions
  035. Manage privilege modifications

M1040. Behavior prevention on endpoint
  373. Use certificate pinning

M1041. Encrypt sensitive information
  026. Encrypt client-side session information
  151. Separate keys for encryption and signatures
  185. Encrypt sensitive information

M1042. Disable or remove feature or program
  062. Define standard configurations
  266. Disable insecure functionalities

M1043. Credential access protection
  114. Deny access with inactive credentials
  122. Validate credential ownership
  142. Change system default credentials
  375. Remove sensitive data from client-side applications

M1044. Restrict library loading
  155. Application free of malicious code
  302. Declare dependencies explicitly

M1045. Code signing
  178. Use digital signatures

M1046. Boot integrity
  062. Define standard configurations

M1047. Audit
  155. Application free of malicious code
  322. Avoid excessive logging

M1048. Application isolation and sandboxing
  159. Obfuscate code
  180. Use mock data

M1049. Antivirus/antimalware
  041. Scan files for malicious code
  118. Inspect attachments
  273. Define a fixed security suite

M1051. Update software
  302. Declare dependencies explicitly
  353. Schedule firmware updates

M1052. User account control
  035. Manage privilege modifications
  095. Define users with privileges
  096. Set user's required privileges

M1054. Software configuration
  266. Disable insecure functionalities

M1056. Pre-compromise
  035. Manage privilege modifications
  095. Define users with privileges
  186. Use the principle of least privilege

M1057. Data loss prevention
  062. Define standard configurations
  266. Disable insecure functionalities
  273. Define a fixed security suite