MITRE ATT&CK®


Summary

MITRE ATT&CK® is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations. It is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community. The table below maps each ATT&CK mitigation (M-identifier) to the Fluid Attacks security requirements that implement it.

Definitions

Definition (ATT&CK mitigation) -> Requirements (Fluid Attacks)

M1036. Account use policies
    027. Allow session lockout
    130. Limit password lifespan
    131. Deny multiple password changing attempts
    138. Define lifespan for temporary passwords
    141. Force re-authentication
    210. Delete information from mobile devices
    226. Avoid account lockouts
    227. Display access notification
    305. Prioritize token usage

M1049. Antivirus/antimalware
    041. Scan files for malicious code
    118. Inspect attachments
    273. Define a fixed security suite

M1048. Application isolation and sandboxing
    159. Obfuscate code
    180. Use mock data

M1047. Audit
    155. Application free of malicious code
    322. Avoid excessive logging

M1040. Behavior prevention on endpoint
    373. Use certificate pinning

M1046. Boot integrity
    062. Define standard configurations

M1045. Code signing
    178. Use digital signatures

M1043. Credential access protection
    114. Deny access with inactive credentials
    122. Validate credential ownership
    142. Change system default credentials
    375. Remove sensitive data from client-side applications

M1057. Data loss prevention
    062. Define standard configurations
    266. Disable insecure functionalities
    273. Define a fixed security suite

M1041. Encrypt sensitive information
    026. Encrypt client-side session information
    151. Separate keys for encryption and signatures
    185. Encrypt sensitive information

M1039. Environment variable permissions
    035. Manage privilege modifications

M1038. Execution prevention
    344. Avoid dynamic code execution
    352. Enable trusted execution

M1037. Filter network traffic
    115. Filter malicious emails
    173. Discard unsafe inputs
    258. Filter website content

M1035. Limit access to resource over network
    033. Restrict administrative access
    167. Close unused resources
    320. Avoid client-side control enforcement
    330. Verify Subresource Integrity

M1034. Limit hardware installation
    221. Disconnect unnecessary input devices
    326. Detect rooted devices
    350. Enable memory protection mechanisms

M1033. Limit software installation
    354. Prevent firmware downgrades

M1032. Multi-factor authentication
    229. Request access credentials
    328. Request MFA for critical systems
    362. Assign MFA mechanisms to a single account

M1031. Network intrusion prevention
    033. Restrict administrative access
    247. Hide SSID on private networks
    249. Locate access points
    251. Change access point IP
    255. Allow access only to the necessary ports

M1030. Network segmentation
    033. Restrict administrative access
    259. Segment the organization network

M1027. Password policies
    126. Set a password regeneration mechanism
    127. Store hashed passwords
    129. Validate previous passwords
    130. Limit password lifespan
    131. Deny multiple password changing attempts
    133. Passwords with at least 20 characters
    136. Force temporary password change
    137. Change temporary passwords of third parties
    138. Define lifespan for temporary passwords
    332. Prevent the use of breached passwords
    367. Proper generation of temporary passwords
    380. Define a password management tool

M1026. Privileged account management
    025. Manage concurrent sessions
    033. Restrict administrative access
    034. Manage user accounts
    035. Manage privilege modifications
    095. Define users with privileges
    096. Set user's required privileges

M1025. Privileged process integrity
    046. Manage the integrity of critical files
    224. Use secure cryptographic mechanisms
    231. Implement a biometric verification component
    232. Require equipment identity
    265. Restrict access to critical processes
    328. Request MFA for critical systems
    337. Make critical logic flows thread safe

M1029. Remote data storage
    075. Record exceptional events in logs
    083. Avoid logging sensitive data
    085. Allow session history queries
    176. Restrict system objects
    213. Allow geographic location
    350. Enable memory protection mechanisms

M1022. Restrict file and directory permissions
    176. Restrict system objects
    280. Restrict service root directory

M1021. Restrict web-based content
    029. Cookies with security attributes
    118. Inspect attachments
    175. Protect pages from clickjacking
    258. Filter website content
    349. Include HTTP security headers

M1020. SSL/TLS inspection
    336. Disable insecure TLS versions

M1051. Update software
    302. Declare dependencies explicitly
    353. Schedule firmware updates

M1018. User account management
    025. Manage concurrent sessions
    034. Manage user accounts
    096. Set user's required privileges

M1016. Vulnerability scanning
    041. Scan files for malicious code
    062. Define standard configurations
    154. Eliminate backdoors
    155. Application free of malicious code

M1015. Active directory configuration
    062. Define standard configurations

M1013. Application developer guidance
    154. Eliminate backdoors
    155. Application free of malicious code
    156. Source code without sensitive information
    157. Use the strict mode
    158. Use a secure programming language
    159. Obfuscate code
    160. Encode system outputs
    161. Define secure default options
    162. Avoid duplicate code
    164. Use optimized structures
    167. Close unused resources
    168. Initialize variables explicitly
    169. Use parameterized queries
    171. Remove commented-out code
    172. Encrypt connection strings
    173. Discard unsafe inputs
    175. Protect pages from clickjacking
    323. Exclude unverifiable files
    337. Make critical logic flows thread safe
    344. Avoid dynamic code execution
    345. Establish protections against overflows
    379. Keep low McCabe cyclomatic complexity

M1042. Disable or remove feature or program
    062. Define standard configurations
    266. Disable insecure functionalities

M1028. Operating system configuration
    062. Define standard configurations

M1056. Pre-compromise
    035. Manage privilege modifications
    095. Define users with privileges
    186. Use the principle of least privilege

M1044. Restrict library loading
    155. Application free of malicious code
    302. Declare dependencies explicitly

M1024. Restrict registry permissions
    035. Manage privilege modifications
    062. Define standard configurations
    095. Define users with privileges
    096. Set user's required privileges

M1054. Software configuration
    266. Disable insecure functionalities

M1052. User account control
    035. Manage privilege modifications
    095. Define users with privileges
    096. Set user's required privileges