2.3 Producing robust programs Flashcards

1
Q

What happens if we fail to check if a program is robust

A

The program won't function correctly / will not do the job it's supposed to do.

The program may be insecure and data that it holds may become compromised.

2
Q

What are ways to ensure our program is robust

A

Input Sanitisation​

Anticipating Misuse and Input Validation​

Authentication​

Maintainability of Code​

Testing​

3
Q

What is input sanitisation

A

This is where data entered is cleaned of any unwanted characters that the user may enter.

4
Q

What is an SQL Injection

A

When you log in to an account, you will add your username and password into a couple of input boxes.​

With SQL injections, you can ‘bolt on’ some SQL to the end of your password. This will then alter the SQL statement and allow you to access the accounts of other users.​

5
Q

What is Input Validation

A

Input validation is when a system checks that the input meets certain criteria, to ensure that the data is in an acceptable form.
For example, if a user is to input their email address to enable them to sign up to a user account, input validation can check whether the entered email address is in the expected form (contains an @ symbol and ends with a domain type (.co.uk)).

6
Q

What is a whitelist

A

A whitelist is a list of data that the program being created should accept. All other data should be rejected by the program.

7
Q

What is a blacklist

A

A blacklist is a list of data that the program being created should reject. All other data should be accepted by the program.

8
Q

Whitelists vs blacklists

A

Whitelists are often more effective and secure. They are much more restrictive and often take a long time to produce but at least you know that the program cannot accept any data that you have not already planned for.​

On the other hand, blacklists are often quite quick to produce and do not make the system as restrictive, but it is often impossible to think of every input that could cause a threat to the system, and they are therefore not as secure.

9
Q

Authentication

A

Another defensive strategy is to ensure that systems have some form of authentication.​

In other words, having passwords to only allow certain users…

…and potentially limiting the access of the various parts of the system (access rights).

10
Q

Maintainability

A

Another defence strategy is to ensure that code is maintainable. This means that code is written in such a way that when other programmers are asked to develop the code, they can make full sense of it, therefore reducing the chance of introducing coding mistakes / bugs.​

11
Q

What are comments

A

Most languages will allow you to write text amongst your code which is ignored by the compiler. This facility is used for ‘comments’, which are important in making the code understandable for both the programmer and their colleagues.

12
Q

What comments should be included in code

A

Program Header: program name, author, date or last edit, program description, bug fixes & remaining issues.

Subroutines:

Constant & Variable Declaration: These should have a short description of their purpose.

Throughout main code: There should be sufficient detail about what is happening throughout the algorithm.

13
Q

What differentiates good and bad commenting

A

Separated by a space between codes

14
Q

Indentation

A

Each time a new code structure is used, the code within the structure should be indented underneath. This should create a strip of whitespace down the page from the beginning to the end of the structure.​

This makes it clear where each structure starts and finishes and which structures are nested within others.​

15
Q

Formatting

A

As well as indentation, the code should be grouped together in logical blocks by splitting them up with blank lines. Think of this as splitting your code up like you would an essay with paragraphs.​

16
Q

The purpose of testing

A

Testing is required to ensure that a developed program functions as it was designed and meets the needs of the end user.

17
Q

What are the various reasons as to why a program may not work

A

Errors in the syntax mean that the program will not run properly​

Errors in the logic of the code mean that the program produces unexpected results​

Errors in the overall design of the program mean that the program doesn’t do the job it was supposed to do​

18
Q

What is iterative testing

A

Testing should be ongoing throughout the development process.​

You code an aspect of your program and test it before moving on.​

19
Q

What is final testing

A

At the end of the development, when the program is complete, the program should be tested again (as a whole) against the requirements of the customer to ensure their needs have been met.​

20
Q

What are the three types of errors that can occur in a program

A

Syntax​

Logic​

Run-Time Errors

21
Q

What is a syntax error

A

A syntax error is simply an error where the code written doesn’t meet the rules of the programming language.​

22
Q

What are logic errors

A

A logic error is one where the code is written in accordance with the programming rules and is therefore translated and runs, however, the program produces unexpected results.​

A common logic error is an incorrect maths statement.​

23
Q

What are run time errors

A

When the code is free of syntax errors and logic errors, there is still one more error that can result.​

A run-time error will occur to a normal working program if some extreme conditions occur.​

One example may be that the program has got into a situation where it is to perform arithmetic which has an impossible answer:

24
Q

What are the testing strategies

A

Black box testing
White box testing

25
Q

Black box testing

A

This only deals with the inputs and outputs of the program and not how the algorithms work.

26
Q

White box testing

A

This only deals with the algorithms to make sure that they function correctly.

27
Q

What are test plans used for

A

to ensure that a system is fully tested​
to document the outcomes.​

28
Q

What are test plans made up of

A

The test data​

The reason for the test​

The expected outcome​

The actual result (which is added later – after development)

29
Q

What are dry runs

A

At times, when errors are not as obvious to spot, it can be helpful to go through the code manually, executing the code (in your head) and recording the effects on the various variables. This is a ‘Dry Run’.

A dry run is often done using a trace table.​

30
Q

Acceptance testing

A

Acceptance testing takes place to ensure that the final product (now free of errors), meets the needs of the user and client.​

31
Q

Acceptance testing strategies

A

Alpha and beta testing

32
Q

Alpha testing

A

After the product has been ‘Black/White Box Tested’ it is tried by the programmers who pretend to be the end users (in-house) who check to see if the program has met its objectives and whether it does what it should do.

33
Q

Beta testing

A

After a program has been Alpha tested it is beta tested.​

This is the last test before it is widely distributed.​

Often involves large numbers of ‘real’ users, using the software under realistic conditions – often heavy duty demanding users.​