3.1 Defensive Design Flashcards
What are the things you must consider when creating a program that is secure and robust?
- Anticipating Misuse
- Input Sanitisation
- Validation
- Verification
- Authentication
- Maintainable Code
Anticipating Misuse
Planning ahead to take steps against potential misuse (e.g. Twitter preventing the same tweet being sent twice in a row).
Input Sanitisation
Cleaning up data that has been input (e.g. removing special characters to prevent a SQL injection).
Validation
Checking whether input data follows criteria and should be accepted (e.g. length check on a password).
Verification
Checking whether data has been entered correctly (e.g. double entry).
Authentication
Ensuring only authorised users can gain access to a system (e.g. passwords).
Maintainable Code
Allowing other programmers to understand the code (e.g. comments, indentation, meaningful variable names).
What is validation?
Validation is a process to check that data is reasonable or sensible before it is accepted.
What is a Range Check?
Checks data is within a certain range.
What is a Type Check?
Checks data is a certain data type.
What is a Format Check?
Checks data is entered in a certain way.
What is a Presence Check?
Checks that data has actually been entered and not left blank.
What is a Lookup Table?
A table of acceptable entries, also known as a list.
What is a Length Check?
Checks the length of the input is within a certain amount.
How should programs be written?
Programs should be written in a way that makes maintaining and understanding them as straightforward as possible.