MITRE ATT&CK®

Summary

MITRE ATT&CK® is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations and is used as a cybersecurity product and service community. This mitigation describes any guidance or training given to developers of applications to avoid introducing security weaknesses that an adversary may be able to take advantage of.

Definitions

Definition	Requirements
M1036. Account use policies	027. Allow session lockout 130. Limit password lifespan 131. Deny multiple password changing attempts 138. Define lifespan for temporary passwords 141. Force re-authentication 210. Delete information from mobile devices 226. Avoid account lockouts 227. Display access notification 305. Prioritize token usage
M1049. Antivirus/antimalware	041. Scan files for malicious code 118. Inspect attachments 273. Define a fixed security suite
M1048. Application isolation and sandboxing	159. Obfuscate code 180. Use mock data
M1047. Audit	155. Application free of malicious code 322. Avoid excessive logging
M1040. Behavior prevention on endpoint	373. Use certificate pinning
M1046. Boot integrity	062. Define standard configurations
M1045. Code signing	178. Use digital signatures
M1043. Credential access protection	114. Deny access with inactive credentials 122. Validate credential ownership 142. Change system default credentials 375. Remove sensitive data from client-side applications
M1057. Data loss prevention	062. Define standard configurations 266. Disable insecure functionalities 273. Define a fixed security suite
M1041. Encrypt sensitive information	026. Encrypt client-side session information 151. Separate keys for encryption and signatures 185. Encrypt sensitive information
M1039. Environment variable permissions	035. Manage privilege modifications
M1038. Execution prevention	344. Avoid dynamic code execution 352. Enable trusted execution
M1037. Filter network traffic	115. Filter malicious emails 173. Discard unsafe inputs 258. Filter website content
M1035. Limit access to resource over network	033. Restrict administrative access 167. Close unused resources 320. Avoid client-side control enforcement 330. Verify Subresource Integrity
M1034. Limit hardware installation	221. Disconnect unnecessary input devices 326. Detect rooted devices 350. Enable memory protection mechanisms
M1033. Limit software installation	354. Prevent firmware downgrades
M1032. Multi-factor authentication	229. Request access credentials 328. Request MFA for critical systems 362. Assign MFA mechanisms to a single account
M1031. Network intrusion prevention	033. Restrict administrative access 247. Hide SSID on private networks 249. Locate access points 251. Change access point IP 255. Allow access only to the necessary ports
M1030. Network segmentation	033. Restrict administrative access 259. Segment the organization network
M1027. Password policies	126. Set a password regeneration mechanism 127. Store hashed passwords 129. Validate previous passwords 130. Limit password lifespan 131. Deny multiple password changing attempts 133. Passwords with at least 20 characters 136. Force temporary password change 137. Change temporary passwords of third parties 138. Define lifespan for temporary passwords 332. Prevent the use of breached passwords 367. Proper generation of temporary passwords 380. Define a password management tool
M1026. Privileged account management	025. Manage concurrent sessions 033. Restrict administrative access 034. Manage user accounts 035. Manage privilege modifications 095. Define users with privileges 096. Set user's required privileges
M1025. Privileged process integrity	046. Manage the integrity of critical files 224. Use secure cryptographic mechanisms 231. Implement a biometric verification component 232. Require equipment identity 265. Restrict access to critical processes 328. Request MFA for critical systems 337. Make critical logic flows thread safe
M1029. Remote data storage	075. Record exceptional events in logs 083. Avoid logging sensitive data 085. Allow session history queries 176. Restrict system objects 213. Allow geographic location 350. Enable memory protection mechanisms
M1022. Restrict file and directory permissions	176. Restrict system objects 280. Restrict service root directory
M1021. Restrict web-based content	029. Cookies with security attributes 118. Inspect attachments 175. Protect pages from clickjacking 258. Filter website content 349. Include HTTP security headers
M1020. SSL/TLS inspection	336. Disable insecure TLS versions
M1051. Update software	302. Declare dependencies explicitly 353. Schedule firmware updates
M1018. User account management	025. Manage concurrent sessions 034. Manage user accounts 096. Set user's required privileges
M1016. Vulnerability scanning	041. Scan files for malicious code 062. Define standard configurations 154. Eliminate backdoors 155. Application free of malicious code
M1015. Active directory configuration	062. Define standard configurations
M1013. Application developer guidance	154. Eliminate backdoors 155. Application free of malicious code 156. Source code without sensitive information 157. Use the strict mode 158. Use a secure programming language 159. Obfuscate code 160. Encode system outputs 161. Define secure default options 162. Avoid duplicate code 164. Use optimized structures 167. Close unused resources 168. Initialize variables explicitly 169. Use parameterized queries 171. Remove commented-out code 172. Encrypt connection strings 173. Discard unsafe inputs 175. Protect pages from clickjacking 323. Exclude unverifiable files 337. Make critical logic flows thread safe 344. Avoid dynamic code execution 345. Establish protections against overflows 379. Keep low McCabe cyclomatic complexity
M1042. Disable or remove feature or program	062. Define standard configurations 266. Disable insecure functionalities
M1028. Operating system configuration	062. Define standard configurations
M1056. Pre-compromise	035. Manage privilege modifications 095. Define users with privileges 186. Use the principle of least privilege
M1044. Restrict library loading	155. Application free of malicious code 302. Declare dependencies explicitly
M1024. Restrict registry permissions	035. Manage privilege modifications 062. Define standard configurations 095. Define users with privileges 096. Set user's required privileges
M1054. Software configuration	266. Disable insecure functionalities
M1052. User account control	035. Manage privilege modifications 095. Define users with privileges 096. Set user's required privileges

Free trial

Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.