Fluid Attacks Database

Use optimized structures

Summary

The code must use optimized data containers or structures.

Description

Source code must have optimized data structures that can lead to use memory efficiently. By choosing the right data structures for specific tasks, developers can minimize memory overhead of the application. Additionally, the use of data structures influences the performance of algorithms. Optimized data structures can help to have more efficient algorithms, reducing the complexity of operations.

References

OWASPM10-M7. Poor code quality
AGILE-9. Continuous attention to technical excellence and good design
CERTJ-MSC04-J. Do not leak memory
MITRE-M1013. Application developer guidance
SANS25-6. Improper input validation
SANS25-17. Improper restriction of operations within the bounds of a memory buffer
SANS25-23. Improper Control of Generation of Code ('Code Injection')
CMMC-CA_L2-3_12_2. Plan of action
ISO27002-8_28. Secure coding
WASC-A_07. Buffer overflow
ISSAF-P_6_3. Host security - Linux security (buffer overflows)
ISSAF-U_15. Web application SQL injections – Countermeasures
OSAMM-ST. Security Testing
ASVS-5_4_1. Memory, string, and unmanaged code
C2M2-9_4_d. Implement software security for cybersecurity architecture
SIGLITE-SL_89. Is there a formal Software Development Life Cycle (SDLC) process?
SIG-I_2_1. Application security
CWE-400. Uncontrolled resource consumption
CWE-1325. Improperly controlled sequential memory allocation
ASVS-14_1_2. Build and deploy
CWE25-20. Improper input validation
CWE25-94. Improper Control of Generation of Code ('Code Injection')
CWE25-119. Improper restriction of operations within the bounds of a memory buffer
ISO27001-8_28. Secure coding
OWASPAPI-API4. Lack of Resources & Rate Limiting

Weaknesses

067. Improper resource allocation
113. Improper type assignation
233. Incomplete functional code
316. Improper resource allocation - Buffer overflow
317. Improper resource allocation - Memory leak
391. Inappropriate coding practices - Unused properties
423. Inappropriate coding practices - System exit

Free trial

Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan.If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.

Supported In

This requirement is verified in following services

Essential Plan

Advanced Plan

Yes