top of page

3.1: Defensive Design

Exam Board:


Defensive Design Considerations

There are several things to consider when creating a program that is secure and robust, including:

Anticipating Misuse

Planning ahead to take steps against potential misuse (e.g the app X prevents the same tweet sent twice in a row as it might be spam).

Input Sanitisation

Checking and cleaning up data that has been input, (e.g. removing special characters to prevent a SQL injection).



Checking whether input data follows specific criteria and should be accepted (e.g. a length check on a password).


Checking whether data that has been entered is correct (e.g. double entry).



Ensuring only authorised users can gain access to a system (e.g. usernames and strong passwords).

Maintainable code

Allowing other programmers to easily read and quickly understand code that has been written (e.g. using comments, indentation and appropriate variable names).

Input Validation

Validation is a process to check that data is reasonable or sensible before it is accepted.

Range Check

Checks data is within a certain range.




Type Check

Checks data is a certain data type.

Height (in cm):


Two metres

Format Check

Checks data is entered in a certain way.

Date of Birth (DD/MM/YYYY)


25th March 11

Presence Check

Checks that data has actually been entered and not left blank.



Lookup Table

A table of acceptable entries, also known as a list.


Length Check

Checks the length of the input is within a certain amount.

Telephone Number




Programs should be written in a way that makes maintaining and understanding them as straightforward as possible.


Examples of making a program maintainable include:

Using subprograms to reuse code and make them easier to test. This is called modularisation.

Appropriate variable names, using a naming convention, ensure the purpose of a variable is immediately understood. 


Using indentation to improve readability and clearly show each ‘block’ of code.

Comments enable a programmer to understand the purpose of each line of code. Crucial when working in a team.

Using constants is another method of improving maintainability. This keeps the program code consistent, which makes it easier to read and debug a program.

Monochrome on Transparent.png

Questo's Questions

3.1 - Defensive Design:

1. Describe the different considerations a programmer should make for a defensive design. [6]

2. Describe the each validation check and give a suitable example. [12]

3. Explain the different ways a program can be maintained. [5]

bottom of page