Use optimized structures
Summary
The code must use optimized data containers or structures.
Supported In
This requirement is verified in following services:
| Plan | Supported |
|---|---|
| Machine | 🔴 |
| Squad | 🟢 |
References
- OWASP-M TOP 10-M7. Poor code quality
- Agile Alliance-9. Continuous attention to technical excellence and good design
- CERT-J-MSC04-J. Do not leak memory
- MITRE ATT&CK®-M1013. Application developer guidance
- SANS 25-4. Improper Input Validation
- SANS 25-19. Improper Restriction of Operations within the Bounds of a Memory Buffer
- SANS 25-25. Improper Control of Generation of Code ('Code Injection')
- CMMC-CA_L2-3_12_2. Plan of action
- ISO/IEC 27002-8_28. Secure coding
- WASC-A_07. Buffer overflow
- ISSAF-P_6_3. Host security - Linux security (buffer overflows)
- ISSAF-U_15. Web application SQL injections – Countermeasures
- OWASP MASVS-V7_8. Code quality and build setting requirements
- OWASP SAMM-IR_3. Code review process to discover language-level and application-specific risks
- OWASP ASVS-5_4_1. Memory, string, and unmanaged code
- C2M2-9_4_d. Implement software security for cybersecurity architecture
- SIG Lite-SL_89. Is there a formal Software Development Life Cycle (SDLC) process?
- SIG Core-I_2_1. Application security
- CWE™-400. Uncontrolled resource consumption
- CWE™-1325. Improperly controlled sequential memory allocation
- OWASP ASVS-14_1_2. Build and deploy
- CWE TOP 25-94. Improper Control of Generation of Code ('Code Injection')
- ISO/IEC 27001-8_28. Secure coding
Vulnerabilities
- 067. Improper resource allocation
- 113. Improper type assignation
- 233. Incomplete funcional code
- 316. Improper resource allocation - Buffer overflow
- 317. Improper resource allocation - Memory leak
- 391. Inappropriate coding practices - Unused properties
- 423. Inappropriate coding practices - System exit
free trial
Search for vulnerabilities in your apps for free with our automated security testing! Start your 21-day free trial and discover the benefits of our Continuous Hacking Machine Plan. If you prefer a full service that includes the expertise of our ethical hackers, don't hesitate to contact us for our Continuous Hacking Squad Plan.