3.1: Defensive Design
Exam Board: OCR
Specification: 2020
Defensive Design Considerations
There are several things to consider when creating a program that is secure and robust, including:
Anticipating Misuse
Planning ahead to take steps against potential misuse (e.g. Twitter preventing the same tweet being sent twice in a row).
Input Sanitisation
Cleaning up data that has been input (e.g. removing special characters to prevent a SQL injection).
Validation
Checking whether input data follows criteria and should be accepted (e.g. length check on a password).
Verification
Checking whether data has been entered correctly (e.g. double entry).
Authentication
Ensuring only authorised users can gain access to a system (e.g. passwords).
Maintainable code
Allowing other programmers to understand the code (e.g. comments, indentation, meaningful variable names).
Input Validation
Validation is a process to check that data is reasonable or sensible before it is accepted.
Range Check
Checks data is within a certain range.
Age: 34 (accepted)
Age: 203 (rejected)
Type Check
Checks data is a certain data type.
Height (in cm): 182 (accepted)
Height (in cm): Two metres (rejected)
Format Check
Checks data is entered in a certain way.
Date of Birth (DD/MM/YYYY): 25/03/2001 (accepted)
Date of Birth (DD/MM/YYYY): 25th March 01 (rejected)
Presence Check
Checks that data has actually been entered and not left blank.
Password: fluffythecat123 (accepted)
Password: left blank (rejected)
Lookup Table
A table of acceptable entries, also known as a list.
Length Check
Checks the length of the input is within a certain amount.
Telephone Number: 08323877319 (accepted)
Telephone Number: 07383 (rejected)
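The validation checks above, written as Python functions that can be run against this page's sample entries. This is an added example, not part of the original page; the age limits (0 to 120) and the titles in the lookup table are assumptions chosen for illustration.

```python
import re
from datetime import datetime

# Assumed limits and lookup entries, chosen for illustration only.
AGE_RANGE = (0, 120)
TITLES = {"Mr", "Mrs", "Ms", "Dr"}

def presence_check(text):
    """Data has actually been entered (spaces alone count as blank)."""
    return text.strip() != ""

def type_check(text):
    """Data is a whole number: returns the int, or None if it is not."""
    try:
        return int(text.strip())
    except ValueError:
        return None

def range_check(number, low, high):
    """Data is within a certain range (inclusive)."""
    return low <= number <= high

def format_check(text):
    """Data is entered as DD/MM/YYYY and is a real calendar date."""
    if not re.fullmatch(r"\d{2}/\d{2}/\d{4}", text):
        return False
    try:
        datetime.strptime(text, "%d/%m/%Y")  # rejects e.g. 31/02/2001
        return True
    except ValueError:
        return False

def length_check(text, low, high):
    """Length of the input is within a certain amount (inclusive)."""
    return low <= len(text) <= high

def lookup_check(text, allowed):
    """Data is one of the acceptable entries in the lookup table."""
    return text in allowed

def validate_age(text):
    """Checks run in order: presence, then type, then range."""
    if not presence_check(text):
        return "rejected: blank"
    age = type_check(text)
    if age is None:
        return "rejected: not a whole number"
    if not range_check(age, *AGE_RANGE):
        return "rejected: out of range"
    return "accepted"
```

The order in validate_age matters: the range check can only run once the type check has produced a number, and the type check only makes sense once the presence check has confirmed something was entered.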
Maintainability
Programs should be written in a way that makes maintaining and understanding them as straightforward as possible.
Examples of making a program maintainable include:
Using subprograms to reuse code and make programs easier to test. This is called modularisation.
Appropriate variable names, using a naming convention, ensure the purpose of a variable is immediately understood.

Using indentation to improve readability and clearly show each ‘block’ of code.
Comments enable a programmer to understand the purpose of each line of code. This is crucial when working in a team.
Using constants is another method of improving maintainability. This keeps the program code consistent, which makes it easier to read and debug a program.

Questo's Questions
3.1 - Defensive Design:
1. Describe the different considerations a programmer should make for a defensive design. [6]
2. Describe each validation check and give a suitable example. [12]
3. Explain the different ways a program can be maintained. [5]