Use optimized structures
Summary
The code must use optimized data containers or structures.
Description
Source code must use optimized data structures so that memory is used efficiently. By choosing the right data structures for specific tasks, developers can minimize the application's memory overhead. The choice of data structures also influences the performance of algorithms: optimized data structures allow more efficient algorithms by reducing the complexity of operations.
Supported In
This requirement is verified in the following services:
| Plan | Supported |
|---|---|
| Essential | 🔴 |
| Advanced | 🟢 |
References
- OWASP-M TOP 10-M7. Poor code quality
- Agile Alliance-9. Continuous attention to technical excellence and good design
- CERT-J-MSC04-J. Do not leak memory
- MITRE ATT&CK®-M1013. Application developer guidance
- SANS 25-6. Improper input validation
- SANS 25-17. Improper restriction of operations within the bounds of a memory buffer
- SANS 25-23. Improper Control of Generation of Code ('Code Injection')
- CMMC-CA_L2-3_12_2. Plan of action
- ISO/IEC 27002-8_28. Secure coding
- WASC-A_07. Buffer overflow
- ISSAF-P_6_3. Host security - Linux security (buffer overflows)
- ISSAF-U_15. Web application SQL injections – Countermeasures
- OWASP SAMM-ST. Security Testing
- OWASP ASVS-5_4_1. Memory, string, and unmanaged code
- C2M2-9_4_d. Implement software security for cybersecurity architecture
- SIG Lite-SL_89. Is there a formal Software Development Life Cycle (SDLC) process?
- SIG Core-I_2_1. Application security
- CWE™-400. Uncontrolled resource consumption
- CWE™-1325. Improperly controlled sequential memory allocation
- OWASP ASVS-14_1_2. Build and deploy
- CWE TOP 25-20. Improper input validation
- CWE TOP 25-94. Improper Control of Generation of Code ('Code Injection')
- CWE TOP 25-119. Improper restriction of operations within the bounds of a memory buffer
- ISO/IEC 27001-8_28. Secure coding
- OWASP API Security Top 10-API4. Lack of Resources & Rate Limiting
Vulnerabilities
- 067. Improper resource allocation
- 113. Improper type assignation
- 233. Incomplete functional code
- 316. Improper resource allocation - Buffer overflow
- 317. Improper resource allocation - Memory leak
- 391. Inappropriate coding practices - Unused properties
- 423. Inappropriate coding practices - System exit