top of page

3.1: Defensive Design

Exam Board:
OCR

Specification:
J277

Defensive Design Considerations

There are several things to consider when creating a program that is secure and robust, including:

Anticipating Misuse

Planning ahead to take steps against potential misuse (e.g the app X prevents the same tweet sent twice in a row as it might be spam).
 

Input Sanitisation

Checking and cleaning up data that has been input, (e.g. removing special characters to prevent a SQL injection).

 

Validation

Checking whether input data follows specific criteria and should be accepted (e.g. a length check on a password).

Verification

Checking whether data that has been entered is correct (e.g. double entry).

 

Authentication

Ensuring only authorised users can gain access to a system (e.g. usernames and strong passwords).

Maintainable code

Allowing other programmers to easily read and quickly understand code that has been written (e.g. using comments, indentation and appropriate variable names).

Input Validation

Validation is a process to check that data is reasonable or sensible before it is accepted.

Range Check

Checks data is within a certain range.

Age:

34

203

Type Check

Checks data is a certain data type.

Height (in cm):

182

Two metres

Format Check

Checks data is entered in a certain way.

Date of Birth (DD/MM/YYYY)

25/03/2011

25th March 11

Presence Check

Checks that data has actually been entered and not left blank.

Password:

fluffythecat123

Lookup Table

A table of acceptable entries, also known as a list.

gender.PNG

Length Check

Checks the length of the input is within a certain amount.

Telephone Number

08323877319

07383

Maintainability

Programs should be written in a way that makes maintaining and understanding them as straightforward as possible.

 

Examples of making a program maintainable include:

Using subprograms to reuse code and make them easier to test. This is called modularisation.

Appropriate variable names, using a naming convention, ensure the purpose of a variable is immediately understood. 

code1.png

Using indentation to improve readability and clearly show each ‘block’ of code.

Comments enable a programmer to understand the purpose of each line of code. Crucial when working in a team.

Using constants is another method of improving maintainability. This keeps the program code consistent, which makes it easier to read and debug a program.

Monochrome on Transparent.png

Questo's Questions

3.1 - Defensive Design:

1. Describe the different considerations a programmer should make for a defensive design. [6]

2. Describe the each validation check and give a suitable example. [12]

3. Explain the different ways a program can be maintained. [5]

bottom of page