Description
The product performs too many data queries without using efficient data processing functionality such as stored procedures.
While the interpretation of "too many data queries" may vary for each product or developer, CISQ recommends a default maximum of 5 data queries for an inefficient function/procedure.
Potential Impact
Other
Reduce Performance
Related Weaknesses
Taxonomy Mappings
- OMG ASCPEM: ASCPEM-PRF-9 —
Frequently Asked Questions
What is CWE-1060?
CWE-1060 (Excessive Number of Inefficient Server-Side Data Accesses) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Base-level weakness. The product performs too many data queries without using efficient data processing functionality such as stored procedures.
How can CWE-1060 be exploited?
Attackers can exploit CWE-1060 (Excessive Number of Inefficient Server-Side Data Accesses) to reduce performance. This weakness is typically introduced during the Implementation, Architecture and Design phase of software development.
How do I prevent CWE-1060?
Follow secure coding practices, conduct code reviews, and use automated security testing tools (SAST/DAST) to detect this weakness early in the development lifecycle.
What is the severity of CWE-1060?
CWE-1060 is classified as a Base-level weakness (Medium abstraction). Its actual severity depends on the specific context and how the weakness manifests in your application.