What are defensive design considerations? List them
Defensive design considerations are the things to consider when creating a program so that it is secure and robust
Anticipating misuse (planning ahead to take steps against potential misuse)
Input sanitisation (e.g. removing special characters to prevent an SQL injection)
Validation (checking whether data follows specific criteria that should be accepted)
Verification (checking data entered is correct)
Maintainable code (allows others to quickly read and understand code that has been written)
Authentication (to confirm the identity of a user)
What is validation?
A process to check that data is reasonable or sensible before it is accepted
Give types of input validation
Length check (length of input is within a range)
Range check (data is within a certain range)
Type check (data is of a certain data type)
Format check (data is entered in a certain way)
Presence check (data has actually been entered and not left blank)
Give methods of making a program maintainable
Commenting (enables programmers to understand the purpose of the code)
Indentation (improves readability)
Subprograms (reuse code and make them easier to test)
Appropriate variable names (purpose of a variable is understood)
Using constants (keeps programs consistent, easy to read and debug)
What is the purpose of testing programs?
To ensure that a program works correctly no matter what input has been entered by the user
Explain the two types of testing
Iterative: repeatedly testing the small parts of the program (modules) during the development of the program (until it works as expected)
Terminal: testing the program after it has been developed and before the program is released to the end user. Takes place once all of the modules have been individually tested to ensure the whole program works all together as expected
Explain the two types of errors:
Syntax: errors where the code doesn’t follow the rules of the programming language, so the computer cannot compile and execute it
Logic: the program can be run but does not work as intended, producing an unexpected output
Explain the four types of test data
Normal test data: test data which should be accepted by a program without causing errors
Boundary test data: test data of the correct type that is at the edge of the data range, on the border of not being valid
Invalid test data: test data that is data of the correct data type which should be rejected by the computer (does not meet the validation rules)
Erroneous test data: test data of the incorrect data type, which should be rejected by a computer system