Close unused resources
Summary
The source code must implement mechanisms to ensure the closure of any unused open resources.
Description
By closing unused resources the system ensures optimal resource utilization. Resources are finite, especially those with external dependencies (e.g., files I/O operations, network connections). Failing to release them can impact the system's ability to handle new requests, leading to performance downgrade and potential denial of service (DoS) conditions.
Supported In
This requirement is verified in following services
Plan | Supported |
---|---|
Essential | 🔴 |
Advanced | 🟢 |
References
- CWE™-404. Improper resource shutdown or release
- OWASP TOP 10-A6. Vulnerable and outdated components
- Agile Alliance-9. Continuous attention to technical excellence and good design
- MITRE ATT&CK®-M1013. Application developer guidance
- MITRE ATT&CK®-M1035. Limit access to resource over network
- CMMC-AT_L2-3_2_1. Role-based risk awareness
- CMMC-CM_L2-3_4_7. Nonessential functionality
- OSSTMM3-11_9_3. Data networks security - Limitations mapping
- ISSAF-U_15. Web application SQL injections – Countermeasures
- OWASP SCP-10. System configuration
- OWASP SCP-11. Database security
- OWASP SCP-13. Memory management
- SIG Core-I_3_2_5. Application security
- SIG Core-M_1_2. End user device security
- SIG Core-U_1_2_1. Server security
Vulnerabilities
- 391. Inappropriate coding practices - Unused properties
- 423. Inappropriate coding practices - System exit
Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.