Defensive design

Question 1

What is the purpose of defensive design?

Answer 1

to ensure that a program runs correctly and continues to run no matter what actions a user takes. This is done through planning for all possibilities (contingencies) and thinking about what a user may do that the program does not expect

Question 2

What 3 areas does defensive design encompass?

Answer 2

• protection against unexpected user inputs or actions, such as a user entering a letter where a number was expected
• maintainability - ensuring code is readable and understandable
• minimising/removing bugs

Question 3

How is the anticipation and protection of a program carried out?

Answer 3

through....
validation
sanitisation
authentication
maintenance
testing

Question 4

What does validation do?

Answer 4

checks data and inputs to ensure that it is sensible or reasonable.

Question 5

What types of validation can be built into a program?

Answer 5

• Range check
• Length check
• Presence check
• Format check
• Type check

Question 6

What does a range check do?

Answer 6

checks that the input must fall within a specified range

Question 7

What does a range check apply to?

Answer 7

numbers and dates, but can apply to characters.

Question 8

What does a length check do?

Answer 8

that the input isn’t too long or too short

Question 9

What does a presence check do?

Answer 9

checks that data has been entered

Question 10

What does a format check do?

Answer 10

check that the data is in the correct format, such as entering a date in the format DD/MM/YYYY.

Question 11

What does a type check do?

Answer 11

checks that the data is of a specified data type, such as an integer

Question 12

Does validation ensure that data entered is correct?

Answer 12

No, only that data is sensible

Question 13

What is a verification test ?

Answer 13

inputting data twice so that if the 2 entries match, the entry can be accepted as valid

Question 14

What is data sanitisation?

Answer 14

to hide or protect data so it can’t be seen or disclosed.

Question 15

What are the examples of data sanitisation?

Answer 15

masking and input sanitisation

Question 16

What does masking do?

Answer 16

Masking hides visible data by replacing it with something else. A good example of this is when a person enters a password.

Question 17

.

Answer 17

.

Question 18

What is an example of input sanitisation?

Answer 18

A good example of this is on a website form. A hacker might try to gain access to a website’s data through a SQL injection attack. This would involve the hacker entering an SQL command into a website form to try and take control of the form’s linked database. Input sanitisation could be used here to remove any SQL commands from the inputted data, preventing a hacker from gaining control of the database.

Question 19

What is authentication?

Answer 19

the process of a user confirming that they are who they say they are on a computer system.

Question 20

What are the main factors of authentication?

Answer 20

something you are - username, bank account number, or anything that identifies the user uniquely
something you know - password, pin, secret answer to a question
something you have - swipe card, biometrics, any other physical identifying device

Question 21

What is the purpose of maintainability?

Answer 21

Ensuring that a program is easy to understand, modify and update over time

Question 22

What are examples of maintainability in use?

Answer 22

comments
sensible variable names
indentation

Question 23

What are comments?

Answer 23

lines in programs that provide information about what the different parts of the program do

Question 24

What should variable names do?

Answer 24

reflect the purpose of the variable and the data it is intended to hold

Question 25

Why is indentation used?

Answer 25

so you can see which code falls within the selection or iteration, and where it ends.

Question 26

What is the difference between syntax and logic errors?

Answer 26

Syntax errors occur when written code does not match the rules of the programming language. Logic errors occur when the program does not perform as expected.

Question 27

What is the purpose of testing?

Answer 27

The purpose of testing is to help the programmer remove such bugs and to ensure that the program functions as intended.

Question 28

What is iterative testing?

Answer 28

Iterative testing is carried out while a program is being developed. The programmer writes a section of code (module) then tests it. The module may work fine, but more likely the programmer will amend or fix the code, and test it again. The process repeats (iterates) until the module works as intended.

Question 29

What is final testing?

Answer 29

Final (terminal) testing is carried out when all modules are complete and the program is tested as a whole to ensure that it functions as it should.

Question 30

What is normal data?

Answer 30

sensible, possible data that the program should accept and be able to process

Question 31

What is boundary data?

Answer 31

valid data that falls at the boundary of any possible ranges

Question 32

What is invalid data?

Answer 32

Data which is outside the limits of valid data

Question 33

What is erroneous data?

Answer 33

Data that is unacceptable e.g the wrong data type

Question 34

What does a trace table do?

Answer 34

a trace table, contains all the variables a program contains. Whenever the value of a variable changes, the change is indicated in the trace table.

Question 35

What does a trace table help with?

Answer 35

Identifying logic errors