Chapter 6 - Inputs & Outputs Flashcards
What must defensive design do?
-Ensure the software does not have bugs or any backdoor access that would allow hacking and cyberattacks while running .
-prevent the program from behaving in an unintended way, e.g. crashing, as a result of unexpected inputs
-Check that all commands and inputs are sensible (input validation)
-Handle any invalid or absurd inputs sensibly, if they are not filtered our beforehand.
What is defensive design
The process of designing robust programs not susceptible to the above risks.
What is paranoid?
don’t trust any user (or any fellow coder on your team) not to try to break the program
Assuming everyone is an idiot, and that they cannot read manuals, instructions or error messages. Expect them to enter rubbish inputs and code for that eventuality
Expecting hackers to try to gain entry into your computer systems, or DDoS attack you.
Distributes Denial of Service Attack(DDoS) attack
What is security vulnerability
Code written in such a way as to cause a security issues
Name two ways users can break the username/password procedure
Keep trying - set up a program to try thousands/millions of username/password combinations will successful.
A DDoS attack - Same as above, but spamming log in attempts to bring the website down, rather than attempting to find a username/password combination.
How can you improve the procedures defensiveness?
A presence check - filters out login attempts with a blank username
a length check - filters out usernames that are too short or long.
A range check - filters out usernames containing non alpha-numeric characters
What are “a presence check”,”a length check” or a “a range check” called?
input validation checks
what happens if the user passes these input validation checks?
-server will search for username match
-if there is one it will ask for password
-reduces load on the server as only searches for matching fields one at a time
-user will only have certain number of login attempts before website kicks them off
-prevents hackers from using automatic scripts to DDoS attack the website
What are good coding practices
Sub-programs, variable identifier naming conventions, indentations and comments
what is sub-programs?
Functions, procedures or even splitting your program into different scripts. Each sub-program has its own purpose that is easy to follow. The #MainProgramCode section is small - the sub-programs are called from it
What is variable identifier naming conventions?
It is easier to follow the logic of a program if all identifiers are chosen using the same convention, and follow the rules from chapter 1
What are indentations?
These not only make python code work, but also let people clearly see the code logic
What are comments?
Comments don’t seem important when writing code, but are invaluable when trying to understand it later
What is modular testing
Testing a block of code of sub-program. The code is small, allowing any bugs to be fixed easily
What is iterative testing
Testing the whole code many times throughout its development, so bugs to be fixed easily
