21 - Defensive Design and Maintainability

 1. Validation is an important part of defensive design. Fill in the blanks below.
Validation is a check to ensure that the data entered is sensible or ____________.  
It cannot check that it is __________ because a user may lie or make a mistake.  
It attempts to ensure that it is within certain _________ or rules.

  reasonable / validated / limits

  reasonable / correct / limits

  accurate / incorrect / validations

  perfect / validated / functions

 2. For example, a user is asked to enter a mobile phone number but only enters 9 digits. A standard UK mobile number is 11 digits. A ____________________ validation can be used to ensure that 11 digits are entered

  entry check

  accuracy check

  length check

  double check

 3. This is the definition for the validation check called ' check digit': The last one or two digits in a code are used to check the other digits are correct. An example of this would be ...

  in most databases, a key field cannot be left blank

  there are only seven possible days of the week

  MS Word uses red lines to underline misspelt words

  bar code readers in supermarkets use check digits

 4. A National Insurance number is in the form LL 99 99 99 L where L is any letter and 9 is any number. A good validation check in this instance could be a:

  check digit

  format check

  cart check

  people check

 5. Another method for validating data and stopping attacks is to clean up the data that is inputted so that it is ready for the application to use. This is referred to as:




  Input Sanitisation

 6. ______________ trims or strips strings, removing unwanted characters from strings For example, Dave not dav%e, the % would be removed. This ensures that the input is correct and contains only the permitted characters, letters and symbols.

  Data verification

  Format stripping

  Data sanitisation

  Line vaildation

 7. Look at the data below and identify the issues.
1. Dav3
2. [email protected]
3. Name: claire swainsworth
4. £546.56.67
5. O1982 56O635

  1. Number in name 4. Two decimal points used

  1. Number in name 2. # in email is now allowed 3. No capitals

  There are no mistakes

  1. Number in name 2. wrong email format 3. No capitals 4. Two decimals 5. letter 'O'

 8. Defensive program design will consider and anticipate misuse. Misuse may be in the form of a brute force attack on the program. An example would be:

  creating functions that have the word 'def' for 'defensive' in them

  allow user to enter a password three or four times before it locks out the system.

  validating the input

  emailing known hackers requesting politely that they do not carry out an attack

 9. Read the paragraph and fill in the blanks below:
______________ is a coding method to check that a user is who they say
they are and allowed to accesses the program.  
This can be as simple as the user entering a user name and password 
which is compared against a stored user name and password.  
If they match then the user is authenticated.

  Functional Programming




 10. Fill in the blanks below for the paragraph that outlines the basics of web authentication. Do also have a look at the diagram.
A summary of basic web authentication goes like this:
You make for a request for a webpage by typing in the _________
The server responds with an_______, requesting authentication
Your device ________ request - with authentication details encoded in request
Again the server checks the details and _____ the page requested, or another error

  webpage / welcome message / resends / checks

  required key word / error / retries / validates

  ip address / error / retries / validates

  url / error / retries / sends

 11. Which of these is not a method for ensuring that a program is robust?

  Data Validation

  Data Sanitisation


  Keeping passwords safe

 12. Why is code indented?

  all of the options here are valid reasons

  To group together a function (and what's inside it)

  to make it easier to read / maintain

  because sometimes the code doesn't use a { and indenting is used instead

 13. What is data validation?

  checking the output is valid e.g. always equal to 'true'

  checking the data entered is wrong

  checking the data entered sensible and reasonable

  checking the data entered is absolutely correct and accurate to the letter

 14. Which of these authentication methods is most secure?

  username and password

  key card

  physical and code


 15. Which of these is not an example of validation?

  asking the user to enter in the same data twice

  checking the number entered is just two digits

  use of a lookup table (e.g. select 'male' or 'female')

  use of a presence check

 16. What does a range check do?

  ensure that three types of different data are used

  check the data is within an acceptable range

  check data across a range of numbers

  checks the data is in the correct format which is a type of range

 17. When a program runs, it requires the user to enter their first name only. What, in this example, is an example of 'valid' data?



  Sarah Marthoma Benjamin Henrietta Jones

  Mr Jones = Male

 18. Which of these is NOT a method for planning for misuse?

  limiting the number of login attempts

  requesting the password and username


  not validating the data entry so that the user is thwarted from the start

 19. What is NOT a method of authentication?

  username and password

  pattern password

  finger print password

  marking a url or website: 'authentic'

 20. What is maintainability?

  updating code to meet requirements (e.g. readable, indented,organised,comments)

  training staff to use programs correctly

  testing a program for errors

  checking to see the program actually works

 21. Why are 'comments' used in a program?

  Comments help with security in the code and keep intruders at bay

  They are required for the program to run

  Comments pad out the program and make it look more professional

  Comments keep the programmer informed - of issues, errors and how things work

 22. When should comments be used in a program?

  To help the program to run faster

  To help describe what the code and the structures/functions actually do

  To slow down the program so it is easier to manage and execute

  They should be used on every single line and should always be as long as possible

 23. What is defensive program design?

  a method of ensuring that your code is not misused

  it is code that is validated and authenticated together with verified

  creating code that is easy to use and easy to understand

  making your program and code error free

 24. True or False: Data Validation checks the data is reasonable and valid where as Input Sanitisation removes unexpected or unrequired data.



 25. A user attempts to enter an incorrect password. What method would identify this issue?


  Calling the Grace Hopper hotline

  Input Validation with Double Verification

  Program Comments