01 - Defensive Design Techniques

 1. Application software often requires a user to input information into a system. This might include input like:

  All of the above

  A username/password entry

  Input into a search box

  Contact details

 2. Defensive design is the practice of…

  defending a computer against viruses using anti virus software

  ensuring that there are physical defenses in places e.g. shields over the computer

  None of the above apply

  anticipating every possible way that the end user could make a mistake during data input

 3. During the defensive design process, methods are put in place to …

  eliminate accidental or deliberate misuse of the system

  eliminate the use of any unauthorised passwords

  eliminate people

  eliminate all hackers at source

 4. Which of the following should NOT occur, if your defensive design procedures have been effective?

  All of the above should not occur if defensive design has been effectively put in place

  program behaving in an unintended fashion

  program crashing

  program breaching security and having personal details revealed

 5. Large companies like SONY have been subject to huge attacks. Their systems were clearly not as _______ as they thought they were.





 6. Input Validation is one way of ensuring defensive design. What is validation?

  Ensuring that the end user is a valid human being by performing a validation facial check

  Ensuring that the data input by the user is correct in every way (e.g check that the user has spelt their name right)

  Ensuring that all inputs are exactly the same and that no one can be flexible with their answers

  Ensuring that the data input by the end user is valid and acceptable (e.g. male is valid for gender)

 7. An example of data validation is:

  Double checking every single entry to ensure the end user hasn't lied about their age.

  Using a drop down menu to allow users to select 'Male', 'Female' for Gender.

  None of the above apply

  Checking to see if the answer to a question (e.g. 2+2) is absolutely correct (not accepting any other answer other than 4)

 8. Some validation methods include:
Length Check
Range Check
Format Check
Type Check
Presence Check

  All except 'length' check are validation methods

  All except 'presence check' are validation methods

  None of the above are validation methods

  All of the above

 9. Another method for validating data and stopping attacks is to clean up the data that is inputted so that it is ready for the application to use. This is called:

  Input sanitisation

  Input anti-attacking

  Input clearning

  Input meganitting

 10. Data sanitisation trims or strips strings, removing unwanted characters from strings for example:

  None of the above apply

  if a user input a number it would automatically be deleted

  in dav%e, the % would be removed to leave 'dave'

  a look up menu would be provided for a user to select from valid answers

 11. Data sanitisation would ensure that …

  the input is correct and contains only the permitted characters, letters and symbols.

  the input is always entered into a drop down menu

  the input is always text and not numbers

  the input is never entered in another language

 12. One example of defensive design and anitipating misuse is:

  hiring physical body guards to protect the network

  protecting against invalid data entry by blacking out all text boxes

  protecting against hackers by disabling the webiste altogether

  protecting against a brute force attack by only allowing a password to be entered three times

 13. Another example of anticipating misuse is what twitter does - in this case:

  allowing users to post the same tweet up to forty times

  allowing users to delete other user's accounts

  identifying duplicate tweets (if you send it twice) and removing the second identical tweet

  allowing passwords to be entered up to 1 million times for security purposes

 14. ______________ is a coding method to check that a user is who they say they are and allowed to accesses the program.





 15. The simplest form of authentication could be:

  entering a usernamd and password and checking it against a database of agreed user entries

  entering a passwod up to four million times

  None of the above

  allowing all users to use the same username and password

 16. Authentication methods include :

  passwords send to phones

  All of the above

  patterns to recognise

  image scanners

 17. Authentication also occurs when you access a website, you request access to the ___________ which hosts the page.

  physical location

  human being

  validation routine


 18. What is one example of where authentication is required?

  facebook login

  getting past the security guard at Microsoft

  network cables requiring clearning

  None of the above

 19. Maintainability is also important if a program is going to be robust. Two ways of ensuring maintainable programs is to have good:

  passwords and code syntax

  users and moral human beings

  comments and indentation

  databases and secure buildings

 20. Converting large numbers to smaller numbers is a method for planning for misuse