21 - Defensive Design and Maintainability

 1. Validation is an important part of defensive design. Fill in the blanks below.
Validation is a check to ensure that the data entered is sensible or ____________.  
It cannot check that it is __________ because a user may lie or make a mistake.  
It attempts to ensure that it is within certain _________ or rules.

  reasonable / correct / limits

  reasonable / validated / limits

  accurate / incorrect / validations

  perfect / validated / functions

 2. For example, a user is asked to enter a mobile phone number but only enters 9 digits. A standard UK mobile number is 11 digits. A ____________________ validation can be used to ensure that 11 digits are entered.
[Image: uploads/validation_mobile.png]

  double check

  entry check

  length check

  accuracy check

 3. This is the definition for the validation check called 'check digit': The last one or two digits in a code are used to check the other digits are correct. An example of this would be ...

  bar code readers in supermarkets use check digits

  MS Word uses red lines to underline misspelt words

  there are only seven possible days of the week

  in most databases, a key field cannot be left blank

 4. A National Insurance number is in the form LL 99 99 99 L where L is any letter and 9 is any number. A good validation check in this instance could be a:

  check digit

  format check

  cart check

  people check

 5. Another method for validating data and stopping attacks is to clean up the data that is input so that it is ready for the application to use. This is referred to as:

  Verification

  Inputting

  Debugging

  Input Sanitisation

 6. ______________ trims or strips strings, removing unwanted characters from them. For example, 'dav%e' would become 'dave', the % having been removed. This ensures that the input is correct and contains only the permitted characters, letters and symbols.

  Data sanitisation

  Format stripping

  Data verification

  Line validation

 7. Look at the data below and identify the issues.
1. Dav3
2. Sarah.gmail@com
3. Name: claire swainsworth
4. £546.56.67
5. O1982 56O635

  1. Number in name 4. Two decimal points used

  There are no mistakes

  1. Number in name 2. # in email is now allowed 3. No capitals

  1. Number in name 2. wrong email format 3. No capitals 4. Two decimals 5. letter 'O'

 8. Defensive program design will consider and anticipate misuse. Misuse may be in the form of a brute force attack on the program. An example would be:

  validating the input

  allow user to enter a password three or four times before it locks out the system.

  emailing known hackers requesting politely that they do not carry out an attack

  creating functions that have the word 'def' for 'defensive' in them

 9. Read the paragraph and fill in the blanks below:
______________ is a coding method to check that a user is who they say
they are and allowed to access the program.  
This can be as simple as the user entering a user name and password 
which is compared against a stored user name and password.  
If they match then the user is authenticated.

  Verification

  Validation

  Functional Programming

  Authentication

 10. Fill in the blanks below for the paragraph that outlines the basics of web authentication. Do also have a look at the diagram.
A summary of basic web authentication goes like this:
You make a request for a webpage by typing in the _________
The server responds with an _______, requesting authentication
Your device ________ the request, with authentication details encoded in the request
Again the server checks the details and _____ the page requested, or another error.
[Image: uploads/webauth2.jpg]

  url / error / retries / sends

  webpage / welcome message / resends / checks

  ip address / error / retries / validates

  required key word / error / retries / validates

 11. Which of these is not a method for ensuring that a program is robust?

  Data Validation

  Data Sanitisation

  Keeping passwords safe

  Authentication

 12. Why is code indented?

  because sometimes the code doesn't use a { and indenting is used instead

  To group together a function (and what's inside it)

  to make it easier to read / maintain

  all of the options here are valid reasons

 13. What is data validation?

  checking the data entered is wrong

  checking the data entered is absolutely correct and accurate to the letter

  checking the data entered is sensible and reasonable

  checking the output is valid e.g. always equal to 'true'

 14. Which of these authentication methods is most secure?

  username and password

  Password

  key card

  physical and code

 15. Which of these is not an example of validation?

  use of a lookup table (e.g. select 'male' or 'female')

  use of a presence check

  checking the number entered is just two digits

  asking the user to enter in the same data twice

 16. What does a range check do?

  checks the data is in the correct format which is a type of range

  check data across a range of numbers

  ensure that three types of different data are used

  check the data is within an acceptable range

 17. When a program runs, it requires the user to enter their first name only. What, in this example, is an example of 'valid' data?

  Sarah Marthoma Benjamin Henrietta Jones

  Mr Jones = Male

  Sarah

  22

 18. Which of these is NOT a method for planning for misuse?

  requesting the password and username

  limiting the number of login attempts

  Authentication

  not validating the data entry so that the user is thwarted from the start

 19. What is NOT a method of authentication?

  pattern password

  marking a url or website: 'authentic'

  fingerprint password

  username and password

 20. What is maintainability?

  updating code to meet requirements (e.g. readable, indented, organised, comments)

  testing a program for errors

  training staff to use programs correctly

  checking to see the program actually works

 21. Why are 'comments' used in a program?

  They are required for the program to run

  Comments help with security in the code and keep intruders at bay

  Comments pad out the program and make it look more professional

  Comments keep the programmer informed - of issues, errors and how things work

 22. When should comments be used in a program?

  They should be used on every single line and should always be as long as possible

  To help the program to run faster

  To help describe what the code and the structures/functions actually do

  To slow down the program so it is easier to manage and execute

 23. What is defensive program design?

  a method of ensuring that your code is not misused

  creating code that is easy to use and easy to understand

  making your program and code error free

  it is code that is validated and authenticated together with verified

 24. True or False: Data Validation checks the data is reasonable and valid, whereas Input Sanitisation removes unexpected or unrequired data.

  False

  True

 25. A user attempts to enter an incorrect password. What method would identify this issue?

  Input Validation with Double Verification

  Program Comments

  Calling the Grace Hopper hotline

  Authentication