164 – Use optimized structures

Summary

The code must use optimized data containers or structures.

Description

Source code must have optimized data structures that can lead to use memory efficiently. By choosing the right data structures for specific tasks, developers can minimize memory overhead of the application. Additionally, the use of data structures influences the performance of algorithms. Optimized data structures can help to have more efficient algorithms, reducing the complexity of operations.

Supported In

Advanced: True

References

• OWASPM10-M7. Poor code quality
• AGILE-9. Continuous attention to technical excellence and good design
• CERTJ-MSC04-J. Do not leak memory
• MITRE-M1013. Application developer guidance
• SANS25-6. Improper input validation
• SANS25-17. Improper restriction of operations within the bounds of a memory buffer
• SANS25-23. Improper Control of Generation of Code ('Code Injection')
• CMMC-CA_L2-3_12_2. Plan of action
• ISO27002-8_28. Secure coding
• WASC-A_07. Buffer overflow
• ISSAF-P_6_3. Host security - Linux security (buffer overflows)
• ISSAF-U_15. Web application SQL injections – Countermeasures
• OSAMM-ST. Security Testing
• ASVS-5_4_1. Memory, string, and unmanaged code
• C2M2-9_4_d. Implement software security for cybersecurity architecture
• SIGLITE-SL_89. Is there a formal Software Development Life Cycle (SDLC) process?
• SIG-I_2_1. Application security
• CWE-400. Uncontrolled resource consumption
• CWE-1325. Improperly controlled sequential memory allocation
• ASVS-14_1_2. Build and deploy
• CWE25-20. Improper input validation
• CWE25-94. Improper Control of Generation of Code ('Code Injection')
• CWE25-119. Improper restriction of operations within the bounds of a memory buffer
• ISO27001-8_28. Secure coding
• OWASPAPI-API4. Lack of Resources & Rate Limiting

Weaknesses

• 113 – Improper type assignation
• 233 – Incomplete funcional code
• 316 – Improper resource allocation - Buffer overflow
• 317 – Improper resource allocation - Memory leak
• 391 – Inappropriate coding practices - Unused properties
• 423 – Inappropriate coding practices - System exit
• 067 – Improper resource allocation

Last updated

2024/02/09