
Lesson 11 - Defensive Design

E-LEARNING

Revise, Recap, Review

Objectives

3 basic programming constructs

2 advantages of a bubble sort

1 explanation of the differences between a function and a procedure

Lesson Objectives

To understand the need for producing robust programs

To know the difference between input validation and sanitisation

To anticipate how users may misuse a program

Engage

Theory

Make a list of places where you commonly enter data:

Is any of this personal data?

Why do you think it is important that programs are robust?

Robust Programs

Apart from security, robust programs are important so that programs are reliable

We don't want users to enter certain values that cause our programs to crash or glitch

Malicious and non-malicious

Input Validation

Used to make sure any data input is sensible and reasonable - IT CANNOT CHECK THAT IT IS ACCURATE! PEOPLE CAN STILL MAKE MISTAKES

E.g. enter your mobile phone number

All UK numbers are 11 digits - if it isn't then it isn't valid BUT we can't say 100% that it is CORRECT

Verification

Verification is different to validation as it aims to check that the data IS correct, rather than just valid.

For example, asking a user to enter their phone number twice to ensure they have typed it in correctly!

Task


Input Sanitisation

This method cleans up the data before it is processed or stored

This adds security as some users try to include programming code in their inputs to hack into systems.

A common form of attack that sanitisation prevents is SQL injection

SQL Injection

A common attack where SQL code is inserted into input fields

OR 1=1 method

SELECT * FROM users WHERE username = "admin" OR 1=1

Since 1=1 is always TRUE, we get all of the info from the users table
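
An added example (not part of the original lesson) that runs the OR 1=1 query above against a constructed in-memory SQLite table: the same input returns every row when it is joined into the query text, and no rows when it is passed as a parameter. The table, sample rows, function names and the 20-character limit are assumptions made for this illustration.

```python
import sqlite3

# Constructed sample input reproducing the lesson's "OR 1=1" method.
INJECTED = "admin' OR '1'='1"


def make_db():
    """Build an in-memory users table with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, phone TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("admin", "07000000001"),
         ("alice", "07000000002"),
         ("bob", "07000000003")],
    )
    return db


def lookup_vulnerable(db, username):
    # The input is joined into the SQL text, so whatever the user
    # types becomes part of the query itself.
    query = "SELECT * FROM users WHERE username = '" + username + "'"
    return db.execute(query).fetchall()


def lookup_parameterised(db, username):
    # The ? placeholder sends the input as data only; the database
    # never parses it as SQL, so OR 1=1 is just an odd username.
    return db.execute(
        "SELECT * FROM users WHERE username = ?", (username,)
    ).fetchall()


def is_valid_username(username):
    # Input validation: accept only letters and digits, 1 to 20 long
    # (the length limit is an assumption for this example).
    return username.isalnum() and 1 <= len(username) <= 20


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:   ", lookup_vulnerable(db, INJECTED))
    print("parameterised:", lookup_parameterised(db, INJECTED))
    print("passes validation:", is_valid_username(INJECTED))
```

Validation rejects the input early, and the parameterised query keeps it harmless even if a check is missed.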

Defense by design!
