3.1: Defensive Design



Defensive Design Considerations

There are several things to consider when creating a program that is secure and robust, including:

Anticipating Misuse

Planning ahead to take steps against potential misuse (e.g. Twitter preventing the same tweet from being sent twice in a row).

Input Sanitisation

Cleaning up data that has been input (e.g. removing special characters to prevent a SQL injection).



Validation

Checking whether input data follows criteria and should be accepted (e.g. length check on a password).

Verification

Checking whether data has been entered correctly (e.g. double entry).

Authentication

Ensuring only authorised users can gain access to a system (e.g. passwords).

Maintainable code

Allowing other programmers to understand the code (e.g. comments, indentation, meaningful variable names).

Input Validation

Validation is a process to check that data is reasonable or sensible before it is accepted.

Range Check

Checks data is within a certain range.




Type Check

Checks data is a certain data type.

Height (in cm): Two metres

Format Check

Checks data is entered in a certain way.

Date of Birth (DD/MM/YYYY): 25th March 01

Presence Check

Checks that data has actually been entered and not left blank.

Lookup Table

A table of acceptable entries, also known as a list.

Length Check

Checks the length of the input is within a certain amount.




Telephone Number
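The validation checks above applied to one form, as an added example that is not part of the original page. The field names, the 50 to 250 cm height range, the 11-character telephone length and the list of titles are assumptions made for illustration.

```python
import re
from datetime import datetime

TITLES = {"Mr", "Mrs", "Ms", "Dr"}  # lookup table of acceptable entries (constructed)

def presence_check(value):
    return value is not None and value.strip() != ""

def type_check(value):
    # Whole number written in digits only, so "Two metres" is rejected.
    return re.fullmatch(r"[0-9]+", value) is not None

def range_check(number, low, high):
    return low <= number <= high

def format_check(value):
    # DD/MM/YYYY shape first, then confirm it is a real calendar date.
    if not re.fullmatch(r"[0-9]{2}/[0-9]{2}/[0-9]{4}", value):
        return False
    try:
        datetime.strptime(value, "%d/%m/%Y")
        return True
    except ValueError:
        return False

def length_check(value, low, high):
    return low <= len(value) <= high

# (field, check name, test). The range test only runs on values that pass the type check.
CHECKS = [
    ("title", "lookup", lambda v: v in TITLES),
    ("height", "type", type_check),
    ("height", "range", lambda v: not type_check(v) or range_check(int(v), 50, 250)),
    ("dob", "format", format_check),
    ("phone", "length", lambda v: length_check(v, 11, 11)),
]

def validate(form):
    """Return the failed checks; an empty list means the form is accepted."""
    failed = []
    for field, name, test in CHECKS:
        value = form.get(field)
        if not presence_check(value):
            if f"{field}: presence" not in failed:
                failed.append(f"{field}: presence")
        elif not test(value):
            failed.append(f"{field}: {name}")
    return failed

bad = {"title": "Sir", "height": "Two metres", "dob": "25th March 01", "phone": "0770"}
print(validate(bad))  # constructed input using the page's invalid entries
```

Validation only shows that the data is sensible, not that it is true: a correctly formatted date of birth can still be the wrong date, which is what verification is for.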




Programs should be written in a way that makes maintaining and understanding them as straightforward as possible.


Examples of making a program maintainable include:

Using subprograms to reuse code and make programs easier to test. This is called modularisation.

Appropriate variable names, using a naming convention, ensure the purpose of a variable is immediately understood. 


Using indentation to improve readability and clearly show each ‘block’ of code.

Comments enable a programmer to understand the purpose of each line of code. This is crucial when working in a team.

Using constants is another method of improving maintainability. This keeps the program code consistent, which makes it easier to read and debug a program.


Questo's Questions

3.1 - Defensive Design:

1. Describe the different considerations a programmer should make for a defensive design. [6]

2. Describe each validation check and give a suitable example. [12]

3. Explain the different ways a program can be maintained. [5]