AttackFlow Findings Dictionary

Use Of Manual Garbage Collect

An attacker may trigger performance problems and create a denial-of-service situation.

Severity

Medium

Fix Cost

High

Trust Level

High

Garbage collection is a way of automatic memory management used by programming languages and frameworks. Memory resources are released by the runtime when they are no longer used by the code.

When dealing with memory-intensive operations, such as reading huge files into memory one or more times, out-of-memory exceptions may be thrown.

When we face cases like this, we tend to save time by incorrectly mitigating the issue with an explicit garbage collection call, as such:

System.GC.Collect();

However, this is usually just a quick win and does not address the root cause of the excessive memory usage. When the operation that causes the problem occurs one or more times again, the memory problem returns.

In Java, the equivalent incorrect mitigation is an explicit garbage collection call, as such:

System.gc();

However, this is usually just a quick win and does not address the root cause of the excessive memory usage. When the operation that causes the problem occurs one or more times again, the memory problem returns. Moreover, the JVM still decides (best effort) when to execute garbage collection, even when it is called manually.
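The following is an added example, not code from AttackFlow or from the original page: it contrasts the whole-file read followed by `System.gc()` described above with a version that addresses the root cause by streaming the file through a fixed-size buffer and capping the accepted input size. The class name, the `MAX_BYTES` limit, the SHA-256 workload and the sample file are assumptions chosen for illustration, and `HexFormat` requires Java 17 or later.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HexFormat;

public class StreamingDigest {
    // Hypothetical upper bound on accepted input; choose per application.
    static final long MAX_BYTES = 64L * 1024 * 1024;

    // Anti-pattern: heap use grows with the file size, and gc() is only a hint to the JVM.
    static String digestWholeFile(Path p) throws IOException, NoSuchAlgorithmException {
        byte[] all = Files.readAllBytes(p);
        String hex = HexFormat.of().formatHex(MessageDigest.getInstance("SHA-256").digest(all));
        all = null;
        System.gc(); // does not reduce the peak memory already consumed above
        return hex;
    }

    // Root-cause fix: constant 8 KiB working buffer and a hard cap on input size.
    static String digestStreaming(Path p) throws IOException, NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        byte[] buf = new byte[8192];
        long total = 0;
        try (InputStream in = Files.newInputStream(p)) {
            int n;
            while ((n = in.read(buf)) != -1) {
                total += n;
                if (total > MAX_BYTES) {
                    throw new IOException("input exceeds " + MAX_BYTES + " bytes");
                }
                md.update(buf, 0, n);
            }
        }
        return HexFormat.of().formatHex(md.digest());
    }

    public static void main(String[] args) throws Exception {
        Path sample = Files.createTempFile("sample", ".bin"); // constructed sample input
        Files.write(sample, "constructed sample data".getBytes(StandardCharsets.UTF_8));
        // Both methods produce the same digest; only the memory profile differs.
        System.out.println(digestWholeFile(sample).equals(digestStreaming(sample)));
        Files.delete(sample);
    }
}
```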

