# Use the strict mode

## Summary
The organization should set its parsers, linters, compilers and interpreters to run in strict mode.
## Description
empty
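The requirement leaves the description empty, so the following is an added illustration (not part of the Fluid Attacks requirements catalogue) of what "strict mode" buys you in one common interpreter. It assumes a Node.js runtime and relies on the fact that `new Function` always compiles its body in sloppy mode unless the body itself starts with the `"use strict"` directive, which lets the same snippet be run in both modes side by side. The helper names (`runInMode`, `compare`) and the three sample snippets are constructed for this example.

```javascript
// Added example: compare how the JavaScript interpreter treats the same
// code with and without the "use strict" directive.
// `new Function(body)` compiles `body` in sloppy mode unless `body` begins
// with the directive, so prefixing it is enough to switch modes.

// Compile and run `body` in the requested mode; report either the returned
// value or the name of the error that was raised (parse or run time).
function runInMode(body, strict) {
  const src = (strict ? '"use strict"; ' : '') + body;
  try {
    return { ok: true, value: new Function(src)() };
  } catch (e) {
    return { ok: false, error: e.name };
  }
}

// Case 1 (constructed): a typo'd variable name. Sloppy mode silently creates
// a global; strict mode raises ReferenceError. The sloppy branch deletes the
// global it leaked so the example leaves no state behind.
const undeclaredAssign =
  'counte = 1; var t = typeof counte; delete globalThis.counte; return t;';

// Case 2 (constructed): writing to a frozen configuration object. Sloppy mode
// ignores the write and keeps going; strict mode raises TypeError.
const frozenWrite =
  'const cfg = Object.freeze({ debug: false }); cfg.debug = true; return cfg.debug;';

// Case 3 (constructed): duplicate parameter names. Sloppy mode accepts them
// (the last one wins); strict mode rejects the code at parse time with a
// SyntaxError, which `new Function` throws before anything runs.
const dupParams = 'return (function (a, a) { return a; })(1, 2);';

// Run one snippet in both modes so the difference is visible in one object.
function compare(body) {
  return { sloppy: runInMode(body, false), strict: runInMode(body, true) };
}

function main() {
  const cases = { undeclaredAssign, frozenWrite, dupParams };
  for (const [name, body] of Object.entries(cases)) {
    console.log(name, JSON.stringify(compare(body)));
  }
}

if (typeof require !== 'undefined' && require.main === module) {
  main();
}
```

Each of the three cases is a defect that a sloppy-mode run turns into silent misbehaviour (a leaked global, a dropped write, an ambiguous parameter) and that strict mode turns into a loud failure at the earliest point the tool can detect it. That is the property the requirement is after: the same switch exists, under other names, as warning-as-error flags in compilers, strict schema validation in parsers and "error on unknown rule" settings in linters.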
## Supported In

This requirement is verified in the following services:

| Plan | Supported |
|---|---|
| Machine | 🔴 |
| Squad | 🟢 |
## References
- CAPEC™-123. Buffer manipulation
- CAPEC™-129. Pointer manipulation
- CAPEC™-130. Excessive allocation
- CWE™-611. Improper restriction of XML External Entity reference
- OWASP TOP 10-A5. Security misconfiguration
- OWASP-M TOP 10-M7. Poor code quality
- Agile Alliance-9. Continuous attention to technical excellence and good design
- MISRA-C-1_4. The compiler/linker shall be checked
- MITRE ATT&CK®-M1013. Application developer guidance
- PA-DSS-5_2_2. Buffer Overflow
- SANS 25-1. Out-of-bounds Write
- SANS 25-3. Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
- SANS 25-5. Out-of-bounds Read
- SANS 25-7. Use After Free
- SANS 25-19. Improper Restriction of Operations within the Bounds of a Memory Buffer
- SANS 25-24. Improper Restriction of XML External Entity Reference
- WASSEC-5_3. Parser tolerance
- NIST SSDF-PW_6_1. Configure the compilation, interpreter, and build processes to improve executable security
- CWE TOP 25-416. Use after free
- CWE TOP 25-787. Out-of-bounds Write
- OWASP SAMM-IR_3. Code review process to discover language-level and application-specific risks
- OWASP ASVS-5_5_2. Deserialization prevention
- OWASP ASVS-14_1_2. Build and deploy
- CASA-5_5_2. Deserialization Prevention
## Vulnerabilities