21 - Defensive Design and Maintainability

 1. Validation is an important part of defensive design. Fill in the blanks below.
Validation is a check to ensure that the data entered is sensible or ____________.  
It cannot check that it is __________ because a user may lie or make a mistake.  
It attempts to ensure that it is within certain _________ or rules.

  reasonable / validated / limits

  reasonable / correct / limits

  accurate / incorrect / validations

  perfect / validated / functions

 2. For example, a user is asked to enter a mobile phone number but only enters 9 digits. A standard UK mobile number is 11 digits. A ____________________ validation can be used to ensure that 11 digits are entered.
[Image: validation_mobile.png]

  accuracy check

  entry check

  length check

  double check

 3. This is the definition for the validation check called 'check digit': The last one or two digits in a code are used to check the other digits are correct. An example of this would be ...

  there are only seven possible days of the week

  in most databases, a key field cannot be left blank

  MS Word uses red lines to underline misspelt words

  bar code readers in supermarkets use check digits

 4. A National Insurance number is in the form LL 99 99 99 L where L is any letter and 9 is any number. A good validation check in this instance could be a:

  people check

  cart check

  check digit

  format check

 5. Another method for validating data and stopping attacks is to clean up the data that is inputted so that it is ready for the application to use. This is referred to as:

  Input Sanitisation

  Debugging

  Inputting

  Verification

 6. ______________ trims or strips strings, removing unwanted characters from them. For example, Dave not dav%e: the % would be removed. This ensures that the input is correct and contains only the permitted characters, letters and symbols.

  Line validation

  Data verification

  Format stripping

  Data sanitisation

 7. Look at the data below and identify the issues.
1. Dav3
2. Sarah.gmail@com
3. Name: claire swainsworth
4. £546.56.67
5. O1982 56O635

  There are no mistakes

  1. Number in name 2. wrong email format 3. No capitals 4. Two decimals 5. letter 'O'

  1. Number in name 2. # in email is now allowed 3. No capitals

  1. Number in name 4. Two decimal points used

 8. Defensive program design will consider and anticipate misuse. Misuse may be in the form of a brute force attack on the program. An example would be:

  validating the input

  emailing known hackers requesting politely that they do not carry out an attack

  allow user to enter a password three or four times before it locks out the system.

  creating functions that have the word 'def' for 'defensive' in them

 9. Read the paragraph and fill in the blanks below:
______________ is a coding method to check that a user is who they say
they are and allowed to access the program.  
This can be as simple as the user entering a user name and password 
which is compared against a stored user name and password.  
If they match then the user is authenticated.

  Authentication

  Functional Programming

  Validation

  Verification

 10. Fill in the blanks below for the paragraph that outlines the basics of web authentication. Do also have a look at the diagram.
A summary of basic web authentication goes like this:
You make a request for a webpage by typing in the _________
The server responds with an _______, requesting authentication
Your device ________ request - with authentication details encoded in request
Again the server checks the details and _____ the page requested, or another error
[Diagram: webauth2.jpg]

  ip address / error / retries / validates

  webpage / welcome message / resends / checks

  url / error / retries / sends

  required key word / error / retries / validates

 11. Which of these is not a method for ensuring that a program is robust?

  Data Validation

  Authentication

  Keeping passwords safe

  Data Sanitisation

 12. Why is code indented?

  To group together a function (and what's inside it)

  all of the options here are valid reasons

  to make it easier to read / maintain

  because sometimes the code doesn't use a { and indenting is used instead

 13. What is data validation?

  checking the data entered is sensible and reasonable

  checking the data entered is absolutely correct and accurate to the letter

  checking the output is valid e.g. always equal to 'true'

  checking the data entered is wrong

 14. Which of these authentication methods is most secure?

  Password

  key card

  username and password

  physical and code

 15. Which of these is not an example of validation?

  checking the number entered is just two digits

  use of a presence check

  asking the user to enter in the same data twice

  use of a lookup table (e.g. select 'male' or 'female')

 16. What does a range check do?

  checks the data is in the correct format which is a type of range

  check the data is within an acceptable range

  check data across a range of numbers

  ensure that three types of different data are used

 17. When a program runs, it requires the user to enter their first name only. What, in this example, is an example of 'valid' data?

  Sarah

  Sarah Marthoma Benjamin Henrietta Jones

  22

  Mr Jones = Male

 18. Which of these is NOT a method for planning for misuse?

  Authentication

  limiting the number of login attempts

  requesting the password and username

  not validating the data entry so that the user is thwarted from the start

 19. What is NOT a method of authentication?

  marking a url or website: 'authentic'

  finger print password

  pattern password

  username and password

 20. What is maintainability?

  checking to see the program actually works

  updating code to meet requirements (e.g. readable, indented, organised, comments)

  training staff to use programs correctly

  testing a program for errors

 21. Why are 'comments' used in a program?

  Comments help with security in the code and keep intruders at bay

  They are required for the program to run

  Comments keep the programmer informed - of issues, errors and how things work

  Comments pad out the program and make it look more professional

 22. When should comments be used in a program?

  To slow down the program so it is easier to manage and execute

  To help describe what the code and the structures/functions actually do

  To help the program to run faster

  They should be used on every single line and should always be as long as possible

 23. What is defensive program design?

  it is code that is validated and authenticated together with verified

  creating code that is easy to use and easy to understand

  making your program and code error free

  a method of ensuring that your code is not misused

 24. True or False: Data Validation checks the data is reasonable and valid, whereas Input Sanitisation removes unexpected or unrequired data.

  True

  False

 25. A user attempts to enter an incorrect password. What method would identify this issue?

  Program Comments

  Authentication

  Calling the Grace Hopper hotline

  Input Validation with Double Verification