This is the first in a series of blog posts about the OWASP Top 10. I’m writing this as much for me as for anyone else who stumbles upon this blog. It’s always a good idea to keep security top of mind when developing software. So, I decided to write a series on the OWASP Top 10 security vulnerabilities. You can find the OWASP Top 10 List here.
This is part 1 of the series, which will focus on the #1 vulnerability as of 2021: Broken Access Control.
Data lookups can often introduce a common performance problem into code. In this post, we’ll look at an example of that problem and one possible solution.
For this example, we’ll be using a C# console application that reads from the country table of the MySQL sakila sample database. However, the refactoring solution presented is language and database agnostic.
This solution is only meant to demonstrate a common problem with nested loops.
Including the primary key in the SQL query when no other index exists on the target table can drastically reduce the database resources needed to find the data you are looking for. This keeps queries running quickly and efficiently, which prevents performance degradation for other users, and it also returns the data you want much more quickly. You may just need to do a little bit of work to figure out which key values correspond to the data you are searching for.
One thing that I have learned in 25 years of experience working in software development is that there is always a trade-off for any decision.
Do you need to make an algorithm highly performant? Then you may need to make some sacrifices in maintainability and readability.
Do you need to make the architecture of a software system extremely flexible and resilient to change? Then you may need to make the architecture more complex.