CAST <App. Name> - Recommendations: Remediation Recommendations (CAST Confidential)

<App. Name> – Health Overview
  • Total Quality Index: overall health of the application
  • Ramp-up difficulties for newcomers
  • Likelihood of outage, data integrity or reliability issues
  • Technical Size
  • Resource consumption, scalability and performance issues
  • Security issues and high likelihood of breaches
  • Cost to restore applications back to a healthy state
  • Adaptability to changing regulations and business needs
  • Hard-to-find structural flaws that may lead to software catastrophes

Avoid excessive object creation
Be wary of object creation inside tight loops when executing performance-critical code. Object creation is expensive enough that you should avoid unnecessarily creating temporary or intermediate objects in situations where performance is an issue. Affected: 294 C# methods.

Uncontrolled Format String
In cases such as localization and internationalization, the language-specific message repositories could be an avenue for exploitation, but the format string issue would be resultant: attacker control of those repositories would also allow modification of message length, format, and content.
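Added example (not from the CAST deck): what goes wrong in .NET when a message template comes from a repository that is treated as trusted, and one way to validate such templates before formatting. The template dictionary, keys and method names are constructed for illustration; the second template simulates a tampered repository entry.

```csharp
// Added example, not part of the CAST deck. Names and templates are hypothetical.
using System;
using System.Collections.Generic;
using System.Text.RegularExpressions;

public static class MessageFormatting
{
    // Constructed stand-in for a localization repository. The second entry simulates a
    // tampered template: it pulls in argument {1}, which the caller never meant to expose.
    static readonly Dictionary<string, string> Templates = new Dictionary<string, string>
    {
        ["login.failed"] = "Login failed for user {0}.",
        ["login.failed.tampered"] = "Login failed for user {0}. Debug: {1}",
    };

    // Unsafe: whatever the template says is obeyed. A tampered template can pull any
    // positional argument into the output, or throw FormatException and crash the caller.
    public static string FormatUnsafe(string key, string user, string internalReason)
        => string.Format(Templates[key], user, internalReason);

    // Matches composite-format placeholders such as {0}, {0,10} and {0:d}.
    static readonly Regex Placeholder = new Regex(@"\{(\d+)(?:,[^}]*)?(?::[^}]*)?\}");

    // Safer: check the template against the argument indices the caller actually supplies,
    // and never hand sensitive values to the formatter as positional arguments at all.
    public static string FormatChecked(string key, string user)
    {
        string template = Templates[key];
        foreach (Match m in Placeholder.Matches(template))
        {
            int index = int.Parse(m.Groups[1].Value);
            if (index != 0)
                throw new InvalidOperationException(
                    $"Template '{key}' references argument {{{index}}}, but only {{0}} is allowed.");
        }
        try
        {
            return string.Format(template, user);
        }
        catch (FormatException)
        {
            // A malformed template degrades to a fixed message instead of failing the request.
            return "Login failed.";
        }
    }

    public static void Main()
    {
        // Leaks "Debug: password hash mismatch" to the end user.
        Console.WriteLine(FormatUnsafe("login.failed.tampered", "alice", "password hash mismatch"));
        Console.WriteLine(FormatChecked("login.failed", "alice"));
        try { FormatChecked("login.failed.tampered", "alice"); }
        catch (InvalidOperationException e) { Console.WriteLine("Rejected: " + e.Message); }
    }
}
```

The check is deliberately narrow: it allows only the placeholder indices the caller supplies, so a template edited to reference extra arguments is rejected at load time rather than silently obeyed.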

Method Calls Impact Performance
Terminating loops with method calls can cause significant overhead.
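Added example (not from the CAST deck) covering both this slide and the "Avoid excessive object creation" slide above: a hypothetical log-line scanner written first with per-iteration allocations and a method call as the loop terminator, then with the bound hoisted and the allocations removed. The input lines, method names and the measurement harness are all constructed.

```csharp
// Added example, not part of the CAST deck. Input and names are hypothetical.
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;

public static class LoopHygiene
{
    // Constructed input: synthetic log lines, roughly one in thirteen a server error.
    public static List<string> BuildLines(int n)
    {
        var lines = new List<string>(n);
        for (int i = 0; i < n; i++)
            lines.Add($"{DateTime.UnixEpoch.AddSeconds(i):O} host{i % 7} status={(i % 13 == 0 ? 500 : 200)}");
        return lines;
    }

    // Before: the loop bound is a method call (LINQ Count()) re-evaluated on every pass,
    // and each iteration creates a StringBuilder, a string[] and a new string.
    public static int CountErrorsSlow(List<string> lines)
    {
        int errors = 0;
        for (int i = 0; i < lines.Count(); i++)          // method call as loop terminator
        {
            var sb = new StringBuilder();                   // temporary object per iteration
            string[] fields = lines[i].Split(' ');          // another allocation per iteration
            sb.Append(fields[fields.Length - 1]);
            if (sb.ToString() == "status=500") errors++;   // and one more
        }
        return errors;
    }

    // After: the bound is read once into a local, and the test runs on the existing
    // string with an ordinal suffix comparison, so the loop body allocates nothing.
    public static int CountErrorsFast(List<string> lines)
    {
        int errors = 0;
        int count = lines.Count;                            // property, evaluated once
        for (int i = 0; i < count; i++)
        {
            if (lines[i].EndsWith("status=500", StringComparison.Ordinal)) errors++;
        }
        return errors;
    }

    public static void Main()
    {
        var lines = BuildLines(300_000);
        foreach (var (name, f) in new (string, Func<List<string>, int>)[]
                 { ("slow", CountErrorsSlow), ("fast", CountErrorsFast) })
        {
            long before = GC.GetTotalAllocatedBytes(true);
            var sw = System.Diagnostics.Stopwatch.StartNew();
            int result = f(lines);
            sw.Stop();
            long allocated = GC.GetTotalAllocatedBytes(true) - before;
            Console.WriteLine($"{name}: {result} errors, {sw.ElapsedMilliseconds} ms, {allocated / 1024} KiB allocated");
        }
    }
}
```

Both versions return the same count; the allocated-bytes figure printed for each run is what makes the cost of the temporary objects visible, and it is the number a reviewer can point at when arguing for the rewrite.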

Avoid Resource Leaks
Incorrect resource management is a common source of failures in production applications, the usual pitfalls being database connections and file descriptors left open after an exception has occurred somewhere else in the code.
Notes on the code shown: it does not throw an error like it does on line 69; the streams ms and cs are not closed; this is best handled using try/catch/finally.
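Added example (not from the CAST deck): the "ms and cs not closed" pattern from the slide, reconstructed as a MemoryStream/CryptoStream pair in a leaking form and in a form where `using` (which compiles to try/finally) disposes every stream on every path, including the exception path the slide describes. The key material, plaintext and method names are constructed.

```csharp
// Added example, not part of the CAST deck. Key, IV and names are hypothetical.
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

public static class StreamLifetime
{
    // Leaky: if Write or FlushFinalBlock throws, the three Dispose calls are never reached,
    // and on the happy path forgetting FlushFinalBlock silently truncates the output.
    public static byte[] EncryptLeaky(byte[] key, byte[] iv, byte[] plaintext)
    {
        var aes = Aes.Create();
        aes.Key = key; aes.IV = iv;
        var ms = new MemoryStream();
        var cs = new CryptoStream(ms, aes.CreateEncryptor(), CryptoStreamMode.Write);
        cs.Write(plaintext, 0, plaintext.Length);
        cs.FlushFinalBlock();
        byte[] result = ms.ToArray();
        cs.Dispose(); ms.Dispose(); aes.Dispose();   // skipped entirely if anything above throws
        return result;
    }

    // Fixed: 'using' guarantees disposal whether or not an exception is thrown, and
    // disposing the CryptoStream is what flushes the final block into ms.
    public static byte[] Encrypt(byte[] key, byte[] iv, byte[] plaintext)
    {
        using (var aes = Aes.Create())
        {
            aes.Key = key; aes.IV = iv;
            using (var ms = new MemoryStream())
            {
                using (var cs = new CryptoStream(ms, aes.CreateEncryptor(), CryptoStreamMode.Write))
                {
                    cs.Write(plaintext, 0, plaintext.Length);
                }
                return ms.ToArray();
            }
        }
    }

    // Same discipline on the read side, where a padding error on tampered input throws
    // from inside CopyTo: the streams are still released.
    public static byte[] Decrypt(byte[] key, byte[] iv, byte[] ciphertext)
    {
        using (var aes = Aes.Create())
        using (var ms = new MemoryStream(ciphertext))
        using (var cs = new CryptoStream(ms, aes.CreateDecryptor(key, iv), CryptoStreamMode.Read))
        using (var output = new MemoryStream())
        {
            cs.CopyTo(output);
            return output.ToArray();
        }
    }

    public static void Main()
    {
        byte[] key = new byte[32], iv = new byte[16];
        RandomNumberGenerator.Fill(key); RandomNumberGenerator.Fill(iv);   // constructed key material
        byte[] ct = Encrypt(key, iv, Encoding.UTF8.GetBytes("hello"));
        Console.WriteLine(Encoding.UTF8.GetString(Decrypt(key, iv, ct)));

        // Exception path: corrupt the last ciphertext byte so unpadding fails inside Decrypt.
        ct[ct.Length - 1] ^= 0x01;
        try { Decrypt(key, iv, ct); }
        catch (CryptographicException e) { Console.WriteLine("rejected, streams still disposed: " + e.Message); }
    }
}
```

The practical check when reviewing code like the slide's screenshot is simple: every `new MemoryStream`, `new CryptoStream`, connection or reader should sit in a `using` or have a `finally` that disposes it; a Dispose call at the end of the method, as in EncryptLeaky, is not equivalent.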

SQL inside a loop
Having an SQL query inside a loop is usually a source of problems, especially if the number of iterations becomes very high. This iterative pattern has proved to be very dangerous for application performance and scalability.
Notes on the code shown: 2 loops with potentially 2 large transactions; COMMIT TRAN with incorrect error checking; @current.Count is unused.

Avoid SQL Data Inconsistencies
A query that retrieves all columns of a table with a SELECT * can potentially be the source of important changeability problems. One cannot control how the columns will be ordered and returned to the client. This can lead to important data inconsistencies and thus stability issues.

Inefficient Non-indexed SQL
Queries that run without a supporting index are potential performance killers. Each execution of the query will result in a full table scan, which is extremely time consuming.
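Added example (not from the CAST deck) serving the three SQL slides above: per-row statements inside a loop versus one transaction that commits only when every row succeeded and rolls back otherwise; an explicit column list read by name instead of SELECT * read by position; and an index on the column the lookup filters on. It runs against an in-memory SQLite database and assumes the Microsoft.Data.Sqlite package; the table, rows and method names are constructed.

```csharp
// Added example, not part of the CAST deck. Assumes the Microsoft.Data.Sqlite package.
using System;
using System.Collections.Generic;
using System.Data.Common;
using Microsoft.Data.Sqlite;

public static class SqlHygiene
{
    public static DbConnection Open()
    {
        var conn = new SqliteConnection("Data Source=:memory:");
        conn.Open();
        using (var cmd = conn.CreateCommand())
        {
            cmd.CommandText =
                "CREATE TABLE audit(id INTEGER PRIMARY KEY, user TEXT NOT NULL, " +
                "action TEXT NOT NULL CHECK(length(action) > 0));" +
                // Non-indexed SQL: without this index every lookup by user is a full table scan.
                "CREATE INDEX ix_audit_user ON audit(user);";
            cmd.ExecuteNonQuery();
        }
        return conn;
    }

    // SQL inside a loop, done badly: one auto-committed statement per row, so a failure
    // half-way leaves the earlier rows committed with nothing to roll back.
    public static void InsertRowByRow(DbConnection conn, IEnumerable<(string user, string action)> rows)
    {
        foreach (var (user, action) in rows)
        {
            using (var cmd = conn.CreateCommand())
            {
                cmd.CommandText = "INSERT INTO audit(user, action) VALUES ($u, $a)";
                AddParam(cmd, "$u", user); AddParam(cmd, "$a", action);
                cmd.ExecuteNonQuery();
            }
        }
    }

    // Better: one transaction, one prepared statement reused across the loop, and the
    // commit happens only if every row succeeded; any exception rolls all of them back.
    public static int InsertBatch(DbConnection conn, IEnumerable<(string user, string action)> rows)
    {
        using (var tx = conn.BeginTransaction())
        using (var cmd = conn.CreateCommand())
        {
            cmd.Transaction = tx;
            cmd.CommandText = "INSERT INTO audit(user, action) VALUES ($u, $a)";
            var pu = AddParam(cmd, "$u", ""); var pa = AddParam(cmd, "$a", "");
            cmd.Prepare();
            int inserted = 0;
            try
            {
                foreach (var (user, action) in rows)
                {
                    pu.Value = user; pa.Value = action;
                    inserted += cmd.ExecuteNonQuery();
                }
                tx.Commit();
            }
            catch
            {
                tx.Rollback();
                throw;
            }
            return inserted;
        }
    }

    // SELECT * returns columns in whatever order the table has today. Naming the columns
    // and reading by name keeps the client correct when the table definition changes.
    public static List<string> ActionsFor(DbConnection conn, string user)
    {
        var result = new List<string>();
        using (var cmd = conn.CreateCommand())
        {
            cmd.CommandText = "SELECT action, user FROM audit WHERE user = $u ORDER BY id";
            AddParam(cmd, "$u", user);
            using (var r = cmd.ExecuteReader())
            {
                int actionCol = r.GetOrdinal("action");     // by name, not r.GetString(0)
                while (r.Read()) result.Add(r.GetString(actionCol));
            }
        }
        return result;
    }

    static DbParameter AddParam(DbCommand cmd, string name, object value)
    {
        var p = cmd.CreateParameter();
        p.ParameterName = name; p.Value = value;
        cmd.Parameters.Add(p);
        return p;
    }

    public static void Main()
    {
        using (var conn = Open())
        {
            var rows = new List<(string, string)> { ("alice", "login"), ("bob", "login"), ("alice", "export") };
            Console.WriteLine(InsertBatch(conn, rows) + " rows inserted");
            // The third row violates the CHECK constraint: the whole batch rolls back.
            try { InsertBatch(conn, new[] { ("carol", "login"), ("dave", "login"), ("erin", "") }); }
            catch (DbException e) { Console.WriteLine("batch rolled back: " + e.Message); }
            Console.WriteLine(string.Join(", ", ActionsFor(conn, "alice")));   // login, export
        }
    }
}
```

InsertBatch is the shape the slide's COMMIT TRAN note is asking for: the commit is reachable only after the loop has finished without error, and the rollback sits in the exception path rather than behind a status flag that might not be checked.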

Lack of Backup
Having no default keyword means that there is no backup. The cases that are "impossible" today are those most likely to be the causes of untraceable bugs in the future, when the impossible becomes the standard.

Avoid Generic Exceptions
Whenever a method throws an exception of type Exception, it prevents its callers from carrying out the specific recovery process that is needed; as a consequence this threatens both application robustness and security.

Empty Catch Blocks
An empty catch block defeats the purpose of exceptions. When an exception occurs, nothing happens and the program fails for an unknown reason. The application can be left in an unknown state that will affect subsequent processing. Since the reason for the issue (the exception type and any embedded message) is ignored, it will take more time to fix the issue.

Cleanup Resources
An empty finally block is most probably the sign of potential "resource leaks" that will jeopardize the application's stability.
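Added example (not from the CAST deck) covering the last four slides together, since they are all facets of one handler: a switch without a default beside one whose default refuses the "impossible" case, and a loader that throws a bare Exception, swallows it in an empty catch and leaves an empty finally, beside one that throws and catches specific types and disposes its reader. The enum, exception type, file handling and names are constructed.

```csharp
// Added example, not part of the CAST deck. Enum values, types and messages are hypothetical.
using System;
using System.IO;

public enum OrderState { Created, Paid, Shipped }

public static class OrderHandling
{
    // Lack of backup: no default, so when a new state is added later this method quietly
    // returns "" for it instead of failing where the gap is.
    public static string NextStepNoDefault(OrderState s)
    {
        string step = "";
        switch (s)
        {
            case OrderState.Created: step = "collect payment"; break;
            case OrderState.Paid: step = "ship"; break;
            case OrderState.Shipped: step = "close"; break;
        }
        return step;
    }

    // With a default that refuses the "impossible" case loudly.
    public static string NextStep(OrderState s)
    {
        switch (s)
        {
            case OrderState.Created: return "collect payment";
            case OrderState.Paid: return "ship";
            case OrderState.Shipped: return "close";
            default:
                throw new ArgumentOutOfRangeException(nameof(s), s, "unhandled order state");
        }
    }

    // Generic exception, empty catch, empty finally: the caller cannot tell a missing file
    // from a permissions problem, nothing is logged, and the reader is never disposed.
    public static string LoadManifestBad(string path)
    {
        StreamReader reader = null;
        try
        {
            reader = new StreamReader(path);
            if (reader.BaseStream.Length == 0) throw new Exception("empty");   // generic type
            return reader.ReadToEnd();
        }
        catch { }          // swallowed: no type, no message, no log entry
        finally { }        // empty: reader is left open
        return null;
    }

    public sealed class ManifestException : Exception
    {
        public ManifestException(string msg, Exception inner = null) : base(msg, inner) { }
    }

    // Specific exception types out, specific handling in, and the resource cleaned up by 'using'.
    public static string LoadManifest(string path)
    {
        try
        {
            using (var reader = new StreamReader(path))
            {
                string text = reader.ReadToEnd();
                if (text.Length == 0) throw new ManifestException($"manifest '{path}' is empty");
                return text;
            }
        }
        catch (FileNotFoundException e)
        {
            // Recoverable by the caller (fall back to defaults); the cause travels with it.
            throw new ManifestException($"manifest '{path}' not found", e);
        }
        catch (UnauthorizedAccessException e)
        {
            // Not fixed by retrying; surface it with the original cause attached.
            throw new ManifestException($"cannot read manifest '{path}'", e);
        }
    }

    public static void Main()
    {
        Console.WriteLine(NextStep(OrderState.Paid));
        try { NextStep((OrderState)42); }
        catch (ArgumentOutOfRangeException e) { Console.WriteLine("rejected: " + e.Message); }

        string tmp = Path.GetTempFileName();        // an empty file: the "impossible" manifest
        Console.WriteLine(LoadManifestBad(tmp) == null ? "bad: null, no reason given" : "");
        try { LoadManifest(tmp); }
        catch (ManifestException e) { Console.WriteLine("good: " + e.Message); }
        File.Delete(tmp);
    }
}
```

Reading the two loaders side by side shows what each slide is really about: the specific exception type is what lets the caller decide between retrying, falling back and aborting, the non-empty catch is what preserves the reason, and the `using` is what an empty finally was supposed to be doing.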