๐Ÿšง

Defensive Design

1.0 What and Why?

Websites, applications, games and software projects should be designed to ensure that they can cope with unexpected input from users.

Technology companies spend a lot of money ensuring products are tested rigorously before they are launched and released to the public, in a bid to catch errors and bugs before users are affected by them.

Defensive design ensures that:

  • The number of errors or bugs is minimised.
  • The program behaves as expected for the user, despite random or erroneous user actions.
  • Occurring errors are clearly labelled and allowed for, without causing confusion or problems for the user.

1.1 Defensive Design in Practice

How can defensive design be used to protect software from bugs and errors?

โ€ฃ
Anticipate misuse
โ€ฃ
Code maintenance
โ€ฃ
Testing

2.0 Anticipating Misuse

Misuse means that software is not being used as the developer intended. Misuse can be intentional or accidental.

2.1 Input Exploitation

Input exploitation is when users enter data that causes errors in the software.

The easiest way for a user to accidentally or intentionally misuse software is when entering data.

๐Ÿ”’ Example A user enters their password incorrectly; the authentication system errors; the system does not let them in.

โŒ Example A user enters the wrong data type into a form (e.g. text into a phone number field); the form errors; the data does not submit successfully.

๐Ÿ“ Example A user enters too many characters into the username field; the form cannot process so much data at once; the submission fails to load.

2.2 Input Sanitisation

Input sanitisation is the formatting of data before it is sent into the software.

Sanitised input can then be accepted by the system without errors occurring.

๐Ÿงผ Example Removing a space from a postcode field so that only letters and numbers are sent into the system.

2.3 Input Validation

Input validation is the checking of data so that it meets certain criteria before it is submitted.

Only valid data will be accepted by the system to prevent errors occurring.

Input Validation Techniques

Name
Description
Example of Use
Range Check

A number or date is within an allowed range

Checking you are old enough to enter a website

Type Check

Typed input is of the correct data type

When entering a phone number, only integers allowed

Length Check

Text is not too long or too short

Password must be 8-15 characters

Presence Check

Mandatory data has been entered; data has not been left blank

Fields marked with * in forms

Format Check

Typed input matches a specific rule

Email addresses contain an "@" symbol and full stops

Lookup Table

Input is checked against a list of acceptable inputs

When entering your password, in order to authenticate you

2.4 Authentication

Authentication means confirming the identity of the user, before they are allowed to access some data or parts of the system.

Getting the authentication levels right can affect the users' opinion of the product: too many authentication checks may seem unnecessary, but too few may lead users to think their data is at risk.

Common Authentication Measures:

โ€ฃ
2FA
โ€ฃ
Forced strong passwords
โ€ฃ
Passphrase
โ€ฃ
3FA
โ€ฃ
Limited authentication attempts

3.0 Code Maintenance

๐Ÿž If programming code is poorly maintained, other programmers may misinterpret what the code is doing or be more likely to create bugs.

๐Ÿ‘ A well-maintained program makes it easy for other programmers to understand the code.

๐Ÿค“ Maintenance increases the codeโ€™s readability and makes teamwork easy.

โœ… Programmers should be able to change parts of the code without risking problems elsewhere.

โ€ฃ
Example

3.1 Modular Programming

def greeting():
	print("Hello and welcome to your new phone!")
	name = input("What would you like me to call you?")
	print("Thank you. I will call you",name,"from now on.")
	proceed = input("Enter Y to continue or N to start-over.")
	if proceed.upper() == "Y":
		continue()
	else:
		print("Proceed command not detected. Terminating")
		break()

Placing regularly used code blocks into subroutines increases the code's readability and maintainability.

A programmer won't have to change lots of lines of code if a mistake is made - only within one subroutine.

Getting into the habit of writing subroutines also reduce the amount of lines of code that have to be written overall and decomposes large chunks of text.

3.2 Indentation and White Space

Space out the written program with white space to increase readability.

Indentation is vital in some languages to prevent syntax errors.

Incorrect indentation can also lead to logic errors and unexpected results.

3.3 Naming Conventions

Name variables, constants and subroutines appropriately, so that they refer to the data held. This helps the code make more sense to readers.

Use a consistent naming convention to increase readability e.g. camelCase or use_underscores. This will help programmers keep track of and recognise variables throughout your program.

3.4 Comments

Comments usually start with ## or // , depending on the programming language.

Comments can help readers understand what function the code has, or what the programmer's intentions were.

Comments arenโ€™t needed for every single line. Key features that are critical to code function or difficult to understand should be commented.