Poor Code Quality

Poor code quality is not inherently a security vulnerability but often introduces exploitable weaknesses. For example, buffer overflow vulnerabilities in older versions of Safari led to high-risk drive-by jailbreak attacks. Poor code quality issues are commonly exploited through malware or phishing campaigns, enabling attackers to execute arbitrary code, steal sensitive data, or compromise the entire system.

Remediation

Use secure coding standards to minimise the introduction of vulnerabilities during the development process.
Conduct regular static and dynamic code analysis to identify and remediate poor code quality issues early.
Perform comprehensive testing, including edge case and stress testing, to uncover buffer overflows and other potential weaknesses.
Avoid unsafe functions or practices, such as unchecked array bounds or improper memory management, particularly in low-level programming.

Metadata

Severity: medium
Slug: poor-code-quality

OWASP

M7:2026: Poor Code Quality

Available Labs

Open Java labs in SecDim Play for this vulnerability.

easy

Broadcast Receiver.android

Java Easy Android Signature

Play AppSec WarGames

Want to skill-up in secure coding and AppSec? Try SecDim Wargames to learn how to find, hack and fix security vulnerabilities inspired by real-world incidents.

For Companies Play Now

Got a comment?

Join our secure coding and AppSec community. A discussion board to share and discuss all aspects of secure programming, AppSec, DevSecOps, fuzzing, cloudsec, AIsec code review, and more.