Debug Symbols Present in the Application

Description

The application should provide as little explanatory information as possible with the compiled code. Metadata such as debugging information, line numbers, and descriptive function or method names make the binary or byte-code easier to reverse engineer.

These symbols can be saved in "Stabs" format, the DWARF format, or in .symbols or .symbolsmap files. It is noteworthy that most crash reporting tools support uploading symbols to perform stack trace symbolization and don't require symbols to be present in the application.

Recommendation

Remove all symbols and debug data from the application. To do so, ensure the setting Strip Debug Symbols During Copy is set to YES. The setting is in the Deployment / Settings menu.
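
A release-gate check for the recommendation above, as an added example that is not part of the original page: it scans a Mach-O image for sections in the `__DWARF` segment and for stab entries in the symbol table. It assumes a thin 64-bit little-endian Mach-O file; `debug_findings` and `constructed_sample` are hypothetical names, and the sample bytes are constructed for illustration.

```python
import struct

MH_MAGIC_64 = 0xFEEDFACF            # thin 64-bit little-endian Mach-O
LC_SYMTAB, LC_SEGMENT_64 = 0x2, 0x19
N_STAB = 0xE0                       # any of these n_type bits set: stab entry

def debug_findings(blob: bytes) -> dict:
    """Report __DWARF sections and stab symbol entries in a Mach-O image."""
    magic, _, _, _, ncmds, _, _, _ = struct.unpack_from("<8I", blob, 0)
    if magic != MH_MAGIC_64:
        raise ValueError("not a thin 64-bit little-endian Mach-O")
    found = {"dwarf_sections": [], "stab_symbols": 0}
    off = 32                        # load commands follow the 32-byte header
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack_from("<II", blob, off)
        if cmdsize < 8 or off + cmdsize > len(blob):
            raise ValueError("malformed load command")
        if cmd == LC_SEGMENT_64:
            nsects = struct.unpack_from("<I", blob, off + 64)[0]
            for i in range(nsects):  # 80-byte section_64 records
                name, seg = struct.unpack_from("<16s16s", blob, off + 72 + 80 * i)
                if seg.rstrip(b"\0") == b"__DWARF":
                    found["dwarf_sections"].append(name.rstrip(b"\0").decode())
        elif cmd == LC_SYMTAB:
            symoff, nsyms = struct.unpack_from("<II", blob, off + 8)
            for i in range(nsyms):   # 16-byte nlist_64; n_type is byte 4
                if blob[symoff + 16 * i + 4] & N_STAB:
                    found["stab_symbols"] += 1
        off += cmdsize
    return found

def constructed_sample(with_debug: bool) -> bytes:
    """Build a minimal constructed Mach-O image (not a real app binary)."""
    sects = [(b"__text", b"__TEXT")]
    syms = [0x0F]                   # N_SECT | N_EXT: ordinary exported symbol
    if with_debug:
        sects.append((b"__debug_info", b"__DWARF"))
        syms += [0x64, 0x24]        # N_SO and N_FUN stab entries
    seg = struct.pack("<II16s4Q4I", LC_SEGMENT_64, 72 + 80 * len(sects),
                      b"", 0, 0, 0, 0, 7, 7, len(sects), 0)
    for name, segname in sects:
        seg += struct.pack("<16s16s2Q8I", name, segname, 0, 0, *[0] * 8)
    symoff = 32 + len(seg) + 24     # nlist table sits right after LC_SYMTAB
    symtab = struct.pack("<6I", LC_SYMTAB, 24, symoff, len(syms),
                         symoff + 16 * len(syms), 1)
    nlist = b"".join(struct.pack("<IBBHQ", 0, t, 1, 0, 0) for t in syms)
    header = struct.pack("<8I", MH_MAGIC_64, 0x0100000C, 0, 1, 2, len(seg) + 24, 0, 0)
    return header + seg + symtab + nlist + b"\0"
```

A build pipeline can fail the release when either field of the result is non-empty for the shipped executable.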

Standards

  • OWASP_MASVS_L1:
    • MSTG_CODE_3
  • OWASP_MASVS_L2:
    • MSTG_CODE_3
  • PCI_STANDARDS:
    • REQ_2_2
    • REQ_6_2