CWE-1060: Excessive Number of Inefficient Server-Side Data Accesses
Weakness ID: 1060
Version: v4.17
Weakness Name: Excessive Number of Inefficient Server-Side Data Accesses
Vulnerability Mapping: Prohibited
Abstraction: Base
Structure: Simple
Status: Incomplete
Likelihood of Exploit:
▼Description

The product performs too many data queries without using efficient data processing functionality such as stored procedures.

▼Extended Description

This issue can make the product perform more slowly due to computational expense. If the relevant code is reachable by an attacker, then this performance problem might introduce a vulnerability.

While the interpretation of "too many data queries" may vary for each product or developer, CISQ recommends a default maximum of 5 data queries for an inefficient function/procedure.

▼Alternate Terms
▼Relationships
Relevant to the view "Research Concepts - (1000)"
Nature: ChildOf
Mapping: Allowed-with-Review
Type: Class
ID: 1120
Name: Excessive Code Complexity
▼Memberships
Nature: MemberOf
Mapping: Prohibited
Type: Category
ID: 1132
Name: CISQ Quality Measures (2016) - Performance Efficiency

Nature: MemberOf
Mapping: Prohibited
Type: Category
ID: 1226
Name: Complexity Issues

Nature: MemberOf
Mapping: Prohibited
Type: Category
ID: 1309
Name: CISQ Quality Measures - Efficiency

Nature: MemberOf
Mapping: Prohibited
Type: Category
ID: 1412
Name: Comprehensive Categorization: Poor Coding Practices
▼Tags
Nature: MemberOf
Mapping: Prohibited
Type: BOSSView
ID: BOSS-313
Name: Reduce Performance (impact)
▼Relevant To View
Relevant to the view "Software Development - (699)"
Nature: MemberOf
Mapping: Prohibited
Type: Category
ID: 1226
Name: Complexity Issues

Relevant to the view "CISQ Quality Measures (2020) - (1305)"
Nature: MemberOf
Mapping: Prohibited
Type: Category
ID: 1309
Name: CISQ Quality Measures - Efficiency
▼Background Detail

▼Common Consequences
Scope: Other
Likelihood: N/A
Impact: Reduce Performance
Note: N/A
▼Potential Mitigations
▼Modes Of Introduction
▼Applicable Platforms
▼Demonstrative Examples
▼Observed Examples
▼Affected Resources
    ▼Functional Areas
      ▼Weakness Ordinalities
      Ordinality: Indirect
      Description: N/A
      ▼Detection Methods
      ▼Vulnerability Mapping Notes
      Usage: Prohibited
      Reason: Other
      Rationale:

      This entry is primarily a quality issue with no direct security implications.

      Comments:

      Look for weaknesses that are focused specifically on insecure behaviors that have more direct security implications.

      Suggestions:
      ▼Notes
      ▼Taxonomy Mappings
      Taxonomy Name: OMG ASCPEM
      Entry ID: ASCPEM-PRF-9
      Fit: N/A
      Entry Name: N/A
      ▼Related Attack Patterns
      ▼References
      Reference ID: REF-959
      Title: Automated Source Code Performance Efficiency Measure (ASCPEM)
      Author: Object Management Group (OMG)
      Section: ASCPEM-PRF-9
      URL: https://www.omg.org/spec/ASCPEM/
      URL Date: 2023-04-07
      Day: N/A
      Month: 01
      Year: 2016