The code must use optimized data containers or structures.
CWE-20: Improper Input Validation. The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.
OWASP-ASVS v4.0.1 V5.1 Input Validation Requirements.(5.1.4) Verify that structured data is strongly typed and validated against a defined schema including allowed characters, length and pattern (e.g., credit card numbers or telephone, or validating that two related fields are reasonable, such as checking that suburb and zip/postcode match).
Start with Fluid Attacks
We are a proud corporate member of the OWASP Foundation