#OASAM-CONF: Configuration and Deploy Management
Errors in the configuration of the application or components compromise the application security. At this stage, various errors in the configuration or in the application deploy options are defined.
The following controls are applied in this section:
OASAM-CONF-001:Unrestricted debugging. Applications with debugging mode enabled.
OASAM-CONF-002:Use of libraries not updated. List of vulnerable third-party libraries in use.
OASAM-CONF-003:Default and backup files. List of backup files stored in the application.
OASAM-CONF-004:Metadata about the files. List of metadata applicable to file within the application.
OASAM-CONF-005:Insufficient WebView hardening. List of enabled options on WebViews.
OASAM-CONF-006:Improper file permissions. List of permissions of the files created by the application.
OASAM-CONF-007:Improper Content Provider permissions. List of Content Provider component permissions.
OASAM-CONF-008:Improper Activities permissions. List of Activities component permissions.
OASAM-CONF-009:Improper Services permissions. List of Services component permissions.
OASAM-CONF-010:Improper Broadcast Receivers permissions. List of Broadcast Receivers component permissions.
OASAM-CONF-011:Improper Database permissions. List of permissions of the databases created by the application.
OASAM-CONF-012:Improper Shared Preferences permissions. List of permissions of the shared preferences created by the application.