
21 - Defensive Design and Maintainability

 1. Validation is an important part of defensive design. Fill in the blanks below.
Validation is a check to ensure that the data entered is sensible or ____________.  
It cannot check that it is __________ because a user may lie or make a mistake.  
It attempts to ensure that it is within certain _________ or rules.

  reasonable / correct / limits

  accurate / incorrect / validations

  perfect / validated / functions

  reasonable / validated / limits

 2. For example, a user is asked to enter a mobile phone number but only enters 9 digits. A standard UK mobile number is 11 digits. A ____________________ validation can be used to ensure that exactly 11 digits are entered.
[image: uploads/validation_mobile.png]

  double check

  entry check

  length check

  accuracy check

 3. This is the definition for the validation check called 'check digit': the last one or two digits in a code are calculated from the other digits and used to check that they have been entered correctly. An example of this would be ...

  bar code readers in supermarkets use check digits

  MS Word uses red lines to underline misspelt words

  there are only seven possible days of the week

  in most databases, a key field cannot be left blank

 4. A National Insurance number is in the form LL 99 99 99 L where L is any letter and 9 is any number. A good validation check in this instance could be a:

  cart check

  people check

  format check

  check digit
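The checks asked about in questions 1 to 4 (length check, check digit, format check), written out as working Python. This is an added example, not code from the quiz page; the sample values are constructed, the check-digit routine is the EAN-13 barcode rule, and the National Insurance pattern follows the quiz's simplified "any letter, any digit" rule (HMRC's real rules are stricter about which letters may appear). It also adds range, presence and lookup checks, which later questions ask about but which the quiz never shows.

```python
import re

def length_check(value: str, required_length: int = 11) -> bool:
    """Length check: a UK mobile number must be exactly 11 digits.
    Spaces are ignored, so '07700 900123' passes; anything non-numeric fails."""
    digits = value.replace(" ", "")
    return digits.isdigit() and len(digits) == required_length

def ean13_check_digit(first_twelve: str) -> int:
    """EAN-13 (supermarket barcode) rule: weight the first 12 digits 1,3,1,3,...
    from the left; the check digit makes the weighted total a multiple of 10."""
    total = sum(int(d) * (1 if i % 2 == 0 else 3) for i, d in enumerate(first_twelve))
    return (10 - total % 10) % 10

def check_digit_check(barcode: str) -> bool:
    """Check-digit check: recompute the 13th digit and compare it with the one given."""
    if not (barcode.isdigit() and len(barcode) == 13):
        return False
    return ean13_check_digit(barcode[:12]) == int(barcode[12])

# LL 99 99 99 L, with the spaces optional. Lowercase is rejected rather than
# repaired: a format check rejects, it does not alter the data.
NI_FORMAT = re.compile(r"^[A-Z]{2} ?[0-9]{2} ?[0-9]{2} ?[0-9]{2} ?[A-Z]$")

def format_check(ni_number: str) -> bool:
    """Format check for a National Insurance number (quiz's simplified rule)."""
    return NI_FORMAT.fullmatch(ni_number) is not None

def range_check(value: str, low: int, high: int) -> bool:
    """Range check: a whole number between low and high inclusive.
    Non-numeric input fails instead of raising an exception."""
    try:
        number = int(value)
    except ValueError:
        return False
    return low <= number <= high

def presence_check(value: str) -> bool:
    """Presence check: the field must not be blank (spaces only count as blank)."""
    return value.strip() != ""

def lookup_check(value: str, allowed: tuple) -> bool:
    """Lookup check: the value must be one of a fixed list of permitted values."""
    return value in allowed

if __name__ == "__main__":
    # Constructed sample inputs (not from the quiz page).
    print(length_check("07700 900123"), length_check("077009001"))    # True False
    print(check_digit_check("4006381333931"))                          # True
    print(format_check("QQ 12 34 56 A"), format_check("QQ 12 34 5 A"))  # True False
    print(range_check("17", 1, 31), presence_check("   "))             # True False
```

Every check returns a plain True/False rather than raising, so the caller can report all failures on a form at once; none of them changes the value it is given, which is the difference between validation and the sanitisation asked about in later questions.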

 5. A related defensive method, used alongside validation to stop attacks, is to clean up the data that is input so that it is ready for the application to use. This is referred to as:

  Inputting

  Verification

  Debugging

  Input Sanitisation

 6. ______________ trims or strips strings, removing unwanted characters from them. For example, Dave not dav%e: the % would be removed. This ensures that the input contains only the permitted characters, letters and symbols (it does not, by itself, check that the remaining value is correct).

  Format stripping

  Line validation

  Data verification

  Data sanitisation

 7. Look at the data below and identify the issues.
1. Dav3
2. Sarah.gmail@com
3. Name: claire swainsworth
4. £546.56.67
5. O1982 56O635

  1. Number in name 4. Two decimal points used

  There are no mistakes

  1. Number in name 2. wrong email format 3. No capitals 4. Two decimals 5. letter 'O'

  1. Number in name 2. # in email is not allowed 3. No capitals
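Question 6's sanitisation and question 7's issue-spotting, as an added Python example (not code from the quiz page). The five sample values are the ones from question 7, embedded as constructed test data; the field names, the allowed-character sets and the "letter O for digit 0" rule are assumptions made for the example.

```python
import re

# The data from question 7, keyed by an assumed field name for each line.
SAMPLE_RECORD = {
    "name": "Dav3",
    "email": "Sarah.gmail@com",
    "full_name": "claire swainsworth",
    "amount": "£546.56.67",
    "phone": "O1982 56O635",
}

# Sanitisation: anything that is not a letter, apostrophe, hyphen or space is removed.
NAME_NOT_ALLOWED = re.compile(r"[^A-Za-z' -]")

def sanitise_name(raw: str) -> str:
    """Strip characters a name may not contain, so 'dav%e' becomes 'dave'.
    Unlike validation this changes the data, so the caller gets a different value back."""
    return NAME_NOT_ALLOWED.sub("", raw).strip()

EMAIL_FORMAT = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")   # something@domain.tld
AMOUNT_FORMAT = re.compile(r"^£?\d+(\.\d{2})?$")           # £546.56, no second decimal point

def find_issues(record: dict) -> list:
    """Validation: return (field, issue) pairs for everything wrong with the record.
    An empty list means every field passed."""
    issues = []
    if re.search(r"\d", record.get("name", "")):
        issues.append(("name", "number in name"))
    if not EMAIL_FORMAT.match(record.get("email", "")):
        issues.append(("email", "wrong email format"))
    words = record.get("full_name", "").split()
    if any(not word[0].isupper() for word in words):
        issues.append(("full_name", "no capitals"))
    if not AMOUNT_FORMAT.match(record.get("amount", "")):
        issues.append(("amount", "not a valid amount (e.g. two decimal points)"))
    phone = record.get("phone", "").replace(" ", "")
    if re.search(r"[OoIl]", phone):
        issues.append(("phone", "letter O/I/l typed where a digit was expected"))
    elif not phone.isdigit():
        issues.append(("phone", "non-digit characters"))
    return issues

if __name__ == "__main__":
    print(sanitise_name("dav%e"))            # dave
    for field, issue in find_issues(SAMPLE_RECORD):
        print(f"{field}: {issue}")           # one line per field in the quiz data
```

The two functions deliberately behave differently: find_issues rejects and reports, sanitise_name silently alters. Stripping characters is a convenience for tidy input, not a security boundary; data that reaches a database query or a web page still has to be handled safely at that point (parameterised queries, output encoding) whatever was stripped earlier.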

 8. Defensive program design will consider and anticipate misuse. Misuse may be in the form of a brute force attack on the program. An example of a defence against this would be:

  allowing the user three or four password attempts before the account is locked out.

  validating the input

  emailing known hackers requesting politely that they do not carry out an attack

  creating functions that have the word 'def' for 'defensive' in them

 9. Read the paragraph and fill in the blanks below:
______________ is a coding method to check that a user is who they say
they are and is allowed to access the program.
This can be as simple as the user entering a user name and password
which is compared against a stored user name and password.
If they match then the user is authenticated.

  Functional Programming

  Verification

  Authentication

  Validation
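Questions 8 and 9 together, as an added Python example (not code from the quiz page): a username/password check that locks the account after three failed attempts. The quiz describes comparing against a stored password; this example instead stores a salted PBKDF2 hash and compares in constant time, which is what a practitioner would do, and the limit of three, the iteration count and the user names are assumptions.

```python
import hashlib
import hmac
import os

MAX_ATTEMPTS = 3          # lock the account after this many consecutive failures
PBKDF2_ROUNDS = 100_000   # assumed work factor; real deployments tune this upwards

def hash_password(password: str, salt: bytes = None) -> tuple:
    """Return (salt, digest). The stored value is a salted hash, never the password."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest

class Authenticator:
    def __init__(self):
        self.users = {}      # username -> (salt, digest)
        self.failures = {}   # username -> consecutive failed attempts

    def register(self, username: str, password: str) -> None:
        self.users[username] = hash_password(password)

    def is_locked(self, username: str) -> bool:
        return self.failures.get(username, 0) >= MAX_ATTEMPTS

    def login(self, username: str, password: str) -> str:
        """Return 'ok', 'denied' or 'locked'.
        Attempts against a locked account are refused before the password is even checked,
        which is what defeats a brute force attack: the attacker gets three guesses, not millions."""
        if self.is_locked(username):
            return "locked"
        stored = self.users.get(username)
        if stored is None:
            # Unknown user: do the same hashing work so the response time does not
            # reveal which usernames exist.
            hash_password(password, b"\x00" * 16)
            return "denied"
        salt, digest = stored
        _, candidate = hash_password(password, salt)
        if hmac.compare_digest(candidate, digest):
            self.failures[username] = 0       # success resets the counter
            return "ok"
        self.failures[username] = self.failures.get(username, 0) + 1
        return "denied"

if __name__ == "__main__":
    auth = Authenticator()
    auth.register("dave", "correct horse battery staple")   # constructed example account
    for guess in ("password", "123456", "letmein", "correct horse battery staple"):
        print(guess, "->", auth.login("dave", guess))        # denied, denied, denied, locked
```

A permanent lockout is itself a misuse opportunity: anyone who knows a username can lock its owner out by guessing wrongly three times. Real systems therefore lock for a limited period or slow the attacker down instead, and log the failures so the attempt can be investigated.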

 10. Fill in the blanks below for the paragraph that outlines the basics of web authentication. Do also have a look at the diagram.
A summary of basic web authentication goes like this:
You make a request for a webpage by typing in the _________
The server responds with an _______, requesting authentication
Your device ________ the request, with the authentication details encoded in the request
Again the server checks the details and _____ the page requested, or another error
[image: uploads/webauth2.jpg]

  webpage / welcome message / resends / checks

  required key word / error / retries / validates

  ip address / error / retries / validates

  url / error / retries / sends
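The four-step exchange described in question 10, played out with both sides' HTTP messages. This is an added example, not code from the quiz page: the server is simulated by a function rather than a real socket, the realm, page path and credentials are constructed, and the credential store holds a plain password only to keep the example short (a real server compares against a salted hash).

```python
import base64
import hmac

REALM = "quiz"                               # assumed realm name
CREDENTIALS = {"dave": "s3cret"}             # constructed; a real server stores hashes
PAGES = {"/members": "<h1>Members only</h1>"}

def build_request(url: str, username: str = None, password: str = None) -> str:
    """Steps 1 and 3: the device's GET. On the retry it carries an Authorization
    header with 'username:password' base64-encoded (encoded, not encrypted)."""
    lines = [f"GET {url} HTTP/1.1", "Host: example.test"]
    if username is not None:
        token = base64.b64encode(f"{username}:{password}".encode()).decode()
        lines.append(f"Authorization: Basic {token}")
    return "\r\n".join(lines) + "\r\n\r\n"

def parse_request(raw: str) -> tuple:
    """Split a raw request into (url, headers) with lower-cased header names."""
    head = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    _method, url, _version = head[0].split(" ")
    headers = {}
    for line in head[1:]:
        name, _, value = line.partition(": ")
        headers[name.lower()] = value
    return url, headers

def check_basic_auth(header_value) -> bool:
    """Decode the Authorization header and compare the password in constant time."""
    if not header_value or not header_value.startswith("Basic "):
        return False
    try:
        decoded = base64.b64decode(header_value[len("Basic "):]).decode()
    except ValueError:          # bad base64 or bad UTF-8 is just a failed login
        return False
    username, _, password = decoded.partition(":")
    expected = CREDENTIALS.get(username)
    return expected is not None and hmac.compare_digest(password.encode(), expected.encode())

def handle_request(raw: str) -> tuple:
    """Steps 2 and 4: (status, challenge header, body). Missing or wrong credentials
    get 401 plus a WWW-Authenticate challenge; good ones get the page."""
    url, headers = parse_request(raw)
    if url not in PAGES:
        return 404, "", "not found"
    if not check_basic_auth(headers.get("authorization")):
        return 401, f'WWW-Authenticate: Basic realm="{REALM}"', "authentication required"
    return 200, "", PAGES[url]

def run_exchange(url: str, username: str, password: str) -> tuple:
    """Drive all four steps and return (first status, second status, final body)."""
    first_status, _, _ = handle_request(build_request(url))
    second_status, _, body = handle_request(build_request(url, username, password))
    return first_status, second_status, body

if __name__ == "__main__":
    print(run_exchange("/members", "dave", "s3cret"))   # (401, 200, '<h1>Members only</h1>')
    print(run_exchange("/members", "dave", "wrong"))    # (401, 401, 'authentication required')
```

Because the retry only base64-encodes the username and password, anyone who can read the traffic can read the credentials, and the browser resends them on every request to that realm; Basic authentication is only acceptable over HTTPS.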

 11. Which of these is not a method for ensuring that a program is robust?

  Data Sanitisation

  Authentication

  Keeping passwords safe

  Data Validation

 12. Why is code indented?

  all of the options here are valid reasons

  because sometimes the code doesn't use a { and indenting is used instead

  to make it easier to read / maintain

  To group together a function (and what's inside it)

 13. What is data validation?

  checking the output is valid e.g. always equal to 'true'

  checking the data entered is absolutely correct and accurate to the letter

  checking the data entered is sensible and reasonable

  checking the data entered is wrong

 14. Which of these authentication methods is most secure?

  username and password

  physical and code

  Password

  key card

 15. Which of these is not an example of validation?

  checking the number entered is just two digits

  use of a lookup table (e.g. select 'male' or 'female')

  use of a presence check

  asking the user to enter in the same data twice

 16. What does a range check do?

  check the data is within an acceptable range

  ensure that three types of different data are used

  checks the data is in the correct format which is a type of range

  check data across a range of numbers

 17. When a program runs, it requires the user to enter their first name only. What, in this example, is an example of 'valid' data?

  Sarah Marthoma Benjamin Henrietta Jones

  22

  Sarah

  Mr Jones = Male

 18. Which of these is NOT a method for planning for misuse?

  requesting the password and username

  not validating the data entry so that the user is thwarted from the start

  limiting the number of login attempts

  Authentication

 19. What is NOT a method of authentication?

  pattern password

  marking a url or website: 'authentic'

  username and password

  fingerprint password

 20. What is maintainability?

  checking to see the program actually works

  updating code to meet requirements (e.g. readable, indented, organised, commented)

  training staff to use programs correctly

  testing a program for errors

 21. Why are 'comments' used in a program?

  Comments keep the programmer informed - of issues, errors and how things work

  Comments help with security in the code and keep intruders at bay

  They are required for the program to run

  Comments pad out the program and make it look more professional

 22. When should comments be used in a program?

  To help describe what the code and the structures/functions actually do

  To help the program to run faster

  To slow down the program so it is easier to manage and execute

  They should be used on every single line and should always be as long as possible

 23. What is defensive program design?

  a method of ensuring that your code is not misused

  creating code that is easy to use and easy to understand

  making your program and code error free

  it is code that is validated, authenticated and verified

 24. True or False: Data Validation checks the data is reasonable and valid, whereas Input Sanitisation removes unexpected or unrequired data.

  False

  True

 25. A user attempts to enter an incorrect password. What method would identify this issue?

  Calling the Grace Hopper hotline

  Authentication

  Program Comments

  Input Validation with Double Verification