3.1 Defensive Design Flashcards
What are the things you must consider when creating a program that is secure and robust?
. Anticipating Misuse
. Input Sanitization
. Validation
. Verification
. Authentication
. Maintainable Code
Anticipating Misuse
Planning ahead to take steps against potential misuse (e.g. Twitter preventing the same tweet sent twice in a row).
Input Sanitisation
Cleaning up data that has been input (e.g. removing special characters to prevent a SQL injection).
Validation
Checking whether input data follows criteria and should be accepted (e.g. length check on a password).
Verification
Checking whether data has been entered correctly (e.g. double entry).
Authentication
Ensuring only authorised users can gain access to a system (e.g. passwords).
Maintainable Code
Allowing other programmers to understand the code (e.g. comments, indentation, meaningful variable names).
What is validation?
Validation is a process to check that data is reasonable or sensible before it is accepted.
What is a Range Check?
Checks data is within a certain range.
What is a Type Check?
Checks data is a certain data type.
What is a Format Check?
Checks data is entered in a certain way.
What is a Presence Check?
Checks that data has actually been entered and not left blank.
What is a Lookup Table?
A table of acceptable entries, also known as a list.
What is a Length Check?
Checks the length of the input is within a certain amount.
How should Programs be written?
Programs should be written in a way that makes maintaining and understanding them as straightforward as possible.
What are examples of making a program maintainable:
. Using subprograms to reuse code and make them easier to test. This is called modularization.
. Appropriate variable names, using a naming convention, ensure the purpose of a variable is immediately understood.
. Using indentation to improve readability and clearly show each ‘block’ of code.
. Comments enable a programmer to understand the purpose of each line of code. Crucial when working in a team.
Using constants is another method of improving maintainability. This keeps the program code consistent, which makes it easier to read and debug a program.