
21 - Defensive Design and Maintainability

 1. Validation is an important part of defensive design. Fill in the blanks below.
Validation is a check to ensure that the data entered is sensible or ____________.  
It cannot check that it is __________ because a user may lie or make a mistake.  
It attempts to ensure that it is within certain _________ or rules.

  reasonable / validated / limits

  perfect / validated / functions

  accurate / incorrect / validations

  reasonable / correct / limits

 2. For example, a user is asked to enter a mobile phone number but only enters 9 digits. A standard UK mobile number is 11 digits. A ____________________ validation can be used to ensure that 11 digits are entered.
[Image: uploads/validation_mobile.png]

  entry check

  length check

  accuracy check

  double check

 3. This is the definition for the validation check called 'check digit': the last one or two digits in a code are used to check that the other digits are correct. An example of this would be ...

  in most databases, a key field cannot be left blank

  MS Word uses red lines to underline misspelt words

  there are only seven possible days of the week

  bar code readers in supermarkets use check digits

 4. A National Insurance number is in the form LL 99 99 99 L where L is any letter and 9 is any number. A good validation check in this instance could be a:

  check digit

  cart check

  people check

  format check
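The checks named in questions 2 to 4 (length check, check digit, format check), plus the presence, range and lookup checks that later questions ask about, as working functions. This is an added example and is not part of the quiz; the record fields, the sample barcode value, and the NI pattern "any letter" reading all follow the quiz's own wording rather than the real rules for those codes.

```python
import re

# Validation checks named in this quiz, written as plain functions.
# Each returns True when the value passes the check and False otherwise.
# Validation only confirms the value is sensible; it cannot prove it is correct.

def presence_check(value: str) -> bool:
    """Presence check: the field must not be left blank."""
    return value.strip() != ""

def length_check(value: str, required_length: int) -> bool:
    """Length check: e.g. a UK mobile number must be exactly 11 digits."""
    return len(value) == required_length

def uk_mobile_check(value: str) -> bool:
    """Length check plus a type check: 11 characters, all of them digits."""
    digits = value.replace(" ", "")
    return digits.isdigit() and length_check(digits, 11)

def range_check(value: int, low: int, high: int) -> bool:
    """Range check: the value must lie within an acceptable range (inclusive)."""
    return low <= value <= high

def lookup_check(value: str, allowed) -> bool:
    """Lookup check: the value must be one of a fixed set of permitted values."""
    return value in allowed

# Format check for the quiz's National Insurance pattern LL 99 99 99 L.
# The quiz treats L as any letter; real NI numbers are more restricted.
NI_PATTERN = re.compile(r"[A-Z]{2}[0-9]{6}[A-Z]")

def format_check_ni(value: str) -> bool:
    """Spaces are ignored, so 'AB 12 34 56 C' and 'ab123456c' both pass."""
    return NI_PATTERN.fullmatch(value.replace(" ", "").upper()) is not None

def ean13_check_digit_valid(code: str) -> bool:
    """Check digit as used on supermarket barcodes (EAN-13): the 13th digit is
    computed from the first twelve. Digits in odd positions (1st, 3rd, ...) are
    weighted 1, even positions weighted 3; the check digit makes the total a
    multiple of 10. A single mistyped digit changes the total and is caught."""
    if not (code.isdigit() and len(code) == 13):
        return False
    digits = [int(c) for c in code]
    total = sum(d * (3 if i % 2 else 1) for i, d in enumerate(digits[:12]))
    return (10 - total % 10) % 10 == digits[12]

def validate_record(record: dict) -> dict:
    """Run the checks over one constructed record and return a field -> bool map."""
    return {
        "name": presence_check(record.get("name", "")),
        "mobile": uk_mobile_check(record.get("mobile", "")),
        "age": range_check(record.get("age", -1), 0, 120),
        "gender": lookup_check(record.get("gender", ""), {"male", "female"}),
        "ni": format_check_ni(record.get("ni", "")),
        "barcode": ean13_check_digit_valid(record.get("barcode", "")),
    }

if __name__ == "__main__":
    # Constructed sample record; the barcode is a widely used EAN-13 test value.
    sample = {"name": "Dave", "mobile": "07123 456789", "age": 34,
              "gender": "male", "ni": "AB 12 34 56 C", "barcode": "4006381333931"}
    print(validate_record(sample))
```

Note that every check here can be passed by data that is still wrong: "AB 12 34 56 C" has the right shape without belonging to anyone, which is exactly the limit question 1 describes.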

 5. Another method for validating data and stopping attacks is to clean up the data that is entered so that it is ready for the application to use. This is referred to as:

  Input Sanitisation

  Verification

  Debugging

  Inputting

 6. ______________ trims or strips strings, removing unwanted characters from them. For example, 'dav%e' becomes 'Dave': the % would be removed. This ensures that the input contains only the permitted characters, letters and symbols.

  Line validation

  Data sanitisation

  Data verification

  Format stripping

 7. Look at the data below and identify the issues.
1. Dav3
2. Sarah.gmail@com
3. Name: claire swainsworth
4. £546.56.67
5. O1982 56O635

  There are no mistakes

  1. Number in name 2. wrong email format 3. No capitals 4. Two decimals 5. letter 'O'

  1. Number in name 4. Two decimal points used

  1. Number in name 2. # in email is not allowed 3. No capitals
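Sanitisation (questions 5 and 6) beside the validation that question 7 asks you to do by eye. This is an added example, not part of the quiz: the allow-list for names, the email and money patterns, and the five input values (copied from question 7, with the "Name:" label dropped from the third) are constructed for the example.

```python
import re

# Data sanitisation: remove every character that is not on the allow-list for
# the field. This makes the input usable by the program; it does not make the
# input correct, which is what validation is for.
NAME_NOT_ALLOWED = re.compile(r"[^A-Za-z' -]")   # keep letters, apostrophe, hyphen, space

def sanitise_name(raw: str) -> str:
    """'dav%e' -> 'dave'; surplus whitespace is collapsed as well."""
    cleaned = NAME_NOT_ALLOWED.sub("", raw)
    return " ".join(cleaned.split())

# Validation detectors for the kinds of value in the quiz. Each returns a
# list of problems found; an empty list means the value passed.
EMAIL_PATTERN = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")   # user@domain.tld shape
MONEY_PATTERN = re.compile(r"[0-9]+(\.[0-9]{2})?")        # pounds, optional pence

def check_name(name: str) -> list:
    issues = []
    if any(ch.isdigit() for ch in name):
        issues.append("number in name")
    if any(word[0].islower() for word in name.split()):
        issues.append("no capitals")
    return issues

def check_email(email: str) -> list:
    return [] if EMAIL_PATTERN.fullmatch(email) else ["wrong email format"]

def check_money(amount: str) -> list:
    body = amount.lstrip("£")
    if body.count(".") > 1:
        return ["two decimal points"]
    return [] if MONEY_PATTERN.fullmatch(body) else ["not a valid amount"]

def check_phone(phone: str) -> list:
    digits = phone.replace(" ", "")
    if not digits.isdigit():
        return ["non-digit character (e.g. letter 'O' instead of zero)"]
    if len(digits) != 11:
        return ["wrong length"]
    return []

CHECKS = {"name": check_name, "email": check_email,
          "money": check_money, "phone": check_phone}

def find_issues(records: list) -> dict:
    """records: list of (field_type, value). Returns {index: [issues]} for the failures."""
    report = {}
    for index, (field_type, value) in enumerate(records, start=1):
        issues = CHECKS[field_type](value)
        if issues:
            report[index] = issues
    return report

# The five values from question 7, as a constructed input list.
QUIZ_DATA = [
    ("name", "Dav3"),
    ("email", "Sarah.gmail@com"),
    ("name", "claire swainsworth"),
    ("money", "£546.56.67"),
    ("phone", "O1982 56O635"),
]

if __name__ == "__main__":
    print(find_issues(QUIZ_DATA))
    print(sanitise_name("dav%e"))
```

Sanitising first and validating second is the usual order: stripping the % from 'dav%e' leaves 'dave', which then fails the capitals check, so the user is told what is still wrong rather than having the program silently guess.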

 8. Defensive program design will consider and anticipate misuse. Misuse may be in the form of a brute force attack on the program. An example would be:

  creating functions that have the word 'def' for 'defensive' in them

  validating the input

  allowing the user to enter a password three or four times before the system locks them out.

  emailing known hackers requesting politely that they do not carry out an attack

 9. Read the paragraph and fill in the blanks below:
______________ is a coding method to check that a user is who they say
they are and is allowed to access the program.  
This can be as simple as the user entering a user name and password 
which is compared against a stored user name and password.  
If they match then the user is authenticated.

  Authentication

  Validation

  Functional Programming

  Verification
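Questions 8 and 9 together: a username and password compared against a stored copy, with the account locked after repeated wrong guesses so a brute force attack cannot simply keep trying. This is an added example rather than code from the quiz. The stored copy is a salted PBKDF2 hash (an assumption the quiz does not make; it only says "stored user name and password"), the lockout threshold of three attempts is the quiz's own figure, and the user "alice" is made up for the example.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000   # PBKDF2 work factor; slows down offline guessing of a leaked hash
MAX_ATTEMPTS = 3       # lock the account after this many wrong passwords in a row

def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a fixed-length hash from the password and a per-user salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

class UserStore:
    """In-memory user table. Only the salt and the hash are stored, never the password."""

    def __init__(self):
        self.users = {}

    def add_user(self, username: str, password: str) -> None:
        salt = os.urandom(16)
        self.users[username] = {"salt": salt, "hash": hash_password(password, salt),
                                "failed": 0, "locked": False}

    def authenticate(self, username: str, password: str) -> str:
        """Compare the offered details with the stored ones. Returns 'ok', 'denied' or 'locked'."""
        record = self.users.get(username)
        if record is None:
            # Same amount of work for an unknown name, so response timing does
            # not reveal which usernames exist.
            hash_password(password, b"\x00" * 16)
            return "denied"
        if record["locked"]:
            return "locked"
        attempt = hash_password(password, record["salt"])
        # Constant-time comparison so the check does not leak how many bytes matched.
        if hmac.compare_digest(attempt, record["hash"]):
            record["failed"] = 0
            return "ok"
        record["failed"] += 1
        if record["failed"] >= MAX_ATTEMPTS:
            record["locked"] = True
            return "locked"
        return "denied"

    def unlock(self, username: str) -> None:
        """Administrative reset, used after the user has been verified another way."""
        record = self.users[username]
        record["failed"] = 0
        record["locked"] = False

if __name__ == "__main__":
    store = UserStore()
    store.add_user("alice", "correct horse")     # constructed example user
    for guess in ["password", "letmein", "123456", "correct horse"]:
        print(guess, "->", store.authenticate("alice", guess))
```

The last line of the demo shows the point of the lockout: once three guesses have failed, even the right password is refused until an administrator unlocks the account.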

 10. Fill in the blanks below for the paragraph that outlines the basics of web authentication. Do also have a look at the diagram.
A summary of basic web authentication goes like this:
You make a request for a webpage by typing in the _________
The server responds with an _______, requesting authentication
Your device ________ the request, with the authentication details encoded in the request
Again the server checks the details and _____ the page requested, or another error
[Image: uploads/webauth2.jpg]

  required key word / error / retries / validates

  url / error / retries / sends

  webpage / welcome message / resends / checks

  ip address / error / retries / validates
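The four-step exchange in question 10, played out between a server function and a client function in one file so both sides' messages can be seen. This is an added example, not the quiz's diagram or code: it assumes HTTP Basic authentication (the scheme in which the details are base64-encoded into an Authorization header after a 401 error), and the user table and page path are constructed for the example.

```python
import base64
import hmac

# Constructed credential table for the example (hypothetical user).
USERS = {"alice": "s3cret"}
REALM = "Example"
CHALLENGE = {"WWW-Authenticate": 'Basic realm="%s"' % REALM}

def server_handle(path: str, request_headers: dict) -> tuple:
    """Server side of one request: returns (status, response_headers, body)."""
    auth = request_headers.get("Authorization")
    if auth is None:
        # Step 2: no credentials yet, so answer with an error that asks for them.
        return 401, CHALLENGE, "Authentication required"
    scheme, _, token = auth.partition(" ")
    if scheme != "Basic":
        return 401, CHALLENGE, "Unsupported authentication scheme"
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return 400, {}, "Malformed Authorization header"
    username, _, password = decoded.partition(":")
    # Step 4: check the details and either send the page or another error.
    expected = USERS.get(username)
    if expected is not None and hmac.compare_digest(password.encode(), expected.encode()):
        return 200, {}, "Contents of " + path
    return 401, CHALLENGE, "Invalid credentials"

def client_fetch(path: str, username: str, password: str) -> list:
    """Client side: request the page (step 1) and, if challenged, retry once with
    the details encoded in the request (step 3). Returns the (status, body) pairs seen."""
    exchanges = []
    status, headers, body = server_handle(path, {})
    exchanges.append((status, body))
    if status == 401 and headers.get("WWW-Authenticate", "").startswith("Basic"):
        # Basic auth is base64 of "user:password": encoded, not encrypted,
        # which is why it must only travel over TLS.
        token = base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")
        status, headers, body = server_handle(path, {"Authorization": "Basic " + token})
        exchanges.append((status, body))
    return exchanges

if __name__ == "__main__":
    for status, body in client_fetch("/page", "alice", "s3cret"):
        print(status, body)
```

Anyone who can read the second request can recover the password with a single base64 decode, so the "encoded" in the quiz wording should not be read as "protected".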

 11. Which of these is not a method for ensuring that a program is robust?

  Keeping passwords safe

  Authentication

  Data Sanitisation

  Data Validation

 12. Why is code indented?

  all of the options here are valid reasons

  because sometimes the code doesn't use a { and indenting is used instead

  to make it easier to read / maintain

  To group together a function (and what's inside it)

 13. What is data validation?

  checking the data entered is wrong

  checking the output is valid e.g. always equal to 'true'

  checking the data entered is sensible and reasonable

  checking the data entered is absolutely correct and accurate to the letter

 14. Which of these authentication methods is most secure?

  username and password

  physical and code

  Password

  key card

 15. Which of these is not an example of validation?

  use of a presence check

  checking the number entered is just two digits

  use of a lookup table (e.g. select 'male' or 'female')

  asking the user to enter in the same data twice

 16. What does a range check do?

  check the data is within an acceptable range

  check data across a range of numbers

  checks the data is in the correct format which is a type of range

  ensure that three types of different data are used

 17. When a program runs, it requires the user to enter their first name only. What, in this example, is an example of 'valid' data?

  Mr Jones = Male

  Sarah Marthoma Benjamin Henrietta Jones

  Sarah

  22

 18. Which of these is NOT a method for planning for misuse?

  limiting the number of login attempts

  not validating the data entry so that the user is thwarted from the start

  requesting the password and username

  Authentication

 19. What is NOT a method of authentication?

  finger print password

  pattern password

  marking a url or website: 'authentic'

  username and password

 20. What is maintainability?

  training staff to use programs correctly

  updating code to meet requirements (e.g. readable, indented, organised, commented)

  testing a program for errors

  checking to see the program actually works

 21. Why are 'comments' used in a program?

  They are required for the program to run

  Comments pad out the program and make it look more professional

  Comments help with security in the code and keep intruders at bay

  Comments keep the programmer informed - of issues, errors and how things work

 22. When should comments be used in a program?

  To slow down the program so it is easier to manage and execute

  They should be used on every single line and should always be as long as possible

  To help describe what the code and the structures/functions actually do

  To help the program to run faster

 23. What is defensive program design?

  it is code that is validated and authenticated together with verified

  making your program and code error free

  a method of ensuring that your code is not misused

  creating code that is easy to use and easy to understand

 24. True or False: Data Validation checks that the data is reasonable and valid, whereas Input Sanitisation removes unexpected or unrequired data.

  False

  True

 25. A user attempts to enter an incorrect password. What method would identify this issue?

  Calling the Grace Hopper hotline

  Program Comments

  Authentication

  Input Validation with Double Verification