Presentation is loading. Please wait.

Presentation is loading. Please wait.

Unit 2.3 Robust Programs Lesson 1 - Defensive Design Consideration

Published byMadeline Atkins Modified over 6 years ago

Similar presentations

Presentation on theme: "Unit 2.3 Robust Programs Lesson 1 - Defensive Design Consideration"— Presentation transcript:

1 Unit 2.3 Robust Programs Lesson 1 - Defensive Design Consideration

2 Big Picture How can ROBUST programs be created that are defensive against hacks and attacks. How can this be implemented in the design stage of the program development?

3 Learning Objectives To understand the elements of defensive program design Know how comments and indentation can support maintainability Describe the role of testing, including how to identify errors and select appropriate test data.

4 Engagement Activity

5 Engagement Activity What caused the SONY hack?
What are the outcomes of this hack? How could SONY have prevented the attack? How might SONY alter their programs to prevent this kind of attack in the future?

6 Key Words Data Validation Data Sanitisation Authentication
Maintainability Comments Indentation

7 Defensive Design Considerations
Make a list of where you commonly enter data. How much of this is personal data? When data is entered into a program it is important that it is valid in order for the program to operate correctly. Sometimes users will deliberately enter incorrect or ‘spam’ data in an attempt to access a program or the program code.

8 Input Validation Validation is a check made by a computer to ensure that the data entered is sensible or reasonable. It cannot check that it is correct because a user may lie or make a mistake. It attempts to ensure that it is within certain limits or rules.

9 Input Validation For example, a user is asked to enter a mobile phone number but only enters 9 digits. A standard UK mobile number is 11 digits. A length check validation can be used to ensure that 11 digits are entered

10 Activity One Sort the cards into the correct order create a table of the: Name of the validation technique A definition An example

11 Activity 1 Answers Check digit
the last one or two digits in a code are used to check the other digits are correct bar code readers in supermarkets use check digits Format check checks the data is in the right format a National Insurance number is in the form LL L where L is any letter and 9 is any number Length check checks the data isn't too short or too long a password which needs to be six letters long Lookup table looks up acceptable values in a table there are only seven possible days of the week Presence check checks that data has been entered into a field in most databases a key field cannot be left blank Range check checks that a value falls within the specified range number of hours worked must be less than 50 and more than 0 Spell check looks up words in a dictionary MS Word uses red lines to underline misspelt words

12 Input Sanitisation Another method for validating data and stopping attacks is to clean up the data that is inputted so that it is ready for the application to use. Some users may add additional data to try and access the program or provide clues on how to access the program. Data sanitisation trims or strips strings, removing unwanted characters from strings For example, Dave not dav%e, the % would be removed This ensures that the input is correct and contains only the permitted characters, letters and symbols.

13 Input Sanitisation Activity 2
Look at the data below and identify the issues Dav3 Name: claire swainsworth £ O O635

14 Input Sanitisation Answers
Look at the data below and identify the issues Dav3 Name: claire swainsworth £ (two options here) O O635

15 Anticipating Misuse Defensive program design will consider and anticipate misuse. Misuse may be in the form of a brute force attack on the program. Many programs and systems only allow a user to enter a password three or four times before it locks out the system.

16 Anticipating Misuse The program should be able to identify when a user keeps inputting the same data. Consider Twitter which allows you to send the same tweet only once. If you send the same Tweet twice the program identifies this and removes the tweet, sending you an error message.

17 Planning for contingencies
Once a programmer has anticipated the misuse they can then plan for the these issues. For example: Limiting the number of logon attempts Ensuring the code is robust in validating the data entered. Another method used is authentication

18 Authentication Authentication is a coding method to check that a user is who they say they are and allowed to accesses the program. This can be as simple as the user entering a user name and password which is compared against a stored user name and password. If they match then the user is authenticated.

19 Authentication Authentication can also be physical.
New software often requires a key code which is generated by an app on the users phone and then entered. Online banking requires a user to enter credentials into a webpage and then a number is generated which is entered into a key device. This returns a number code which is entered into the webpage as well. Without the second part of the code the user is not authenticated.

20 Authentication Authentication methods vary from passwords to patterns and even image scanners. Authentication also occurs when you access a website, you request access to the server which hosts the page.

21 Authentication A summary of basic web authentication goes like this:
You make for a request for a webpage by typing in the URL The server responds with an error, requesting authentication Your device retries request - with authentication details encoded in request Again the server checks the details and sends the page requested, or another error

22 Make a list of programs where authentication is required and what type of authentication happens
Facebook Login

23 Maintainability If a program is to be defensive against attacks then it has to be maintained and up to date. API and code changes, which means that programs will need to adapt to complement new requirements. Comments and indentation are two methods to provide information for future users or programmers that may be required to maintain the code.

24 Indentation Code is indented for a number of reasons.
To group together a function The code does not use a { syntax and indentation is used instead If altering a function in the future it can be easily found.

25 Comments Comments in programs serve a number of purposes
To inform them reader of a bug or issues To explain the code and its function in more detail To stop a line of section of code from executing

26 Where are the comments?

27 Activity 3/Homework Create a simple ‘Top 10 tips for effective coding’ poster For example: add comments as you write the program and be polite Include examples and best practice You could include screen shots and images

28 Plenary Play Pictionary: draw words / terms related to the lesson content. Evaluate a program(s) that you have written: Are they robust? Make a list of features that are and that are not Apply defensive design to your own programs.

29 OCR Resources: the small print OCR’s resources are provided to support the teaching of OCR specifications, but in no way constitute an endorsed teaching method that is required by the Board, and the decision to use them lies with the individual teacher. Whilst every effort is made to ensure the accuracy of the content, OCR cannot be held responsible for any errors or omissions within these resources. © OCR This resource may be freely copied and distributed, as long as the OCR logo and this message remain intact and OCR is acknowledged as the originator of this work. OCR acknowledges the use of the following content: youtube.com/ADN Media/bbc Please get in touch if you want to discuss the accessibility of resources we offer to support delivery of our qualifications:

Download ppt "Unit 2.3 Robust Programs Lesson 1 - Defensive Design Consideration"

Similar presentations

Validation and Verification

Validation and Verification
 By the end of this, you should be able to state the difference between DATE and INFORMAITON.

 By the end of this, you should be able to state the difference between DATE and INFORMAITON.
A Level Physics A Delivery Guide Modelling decay of charge Key Concepts.

A Level Physics A Delivery Guide Modelling decay of charge Key Concepts.
What is Validation Understanding Validation (Different from Verification)

What is Validation Understanding Validation (Different from Verification)
Data and information. Information and data By the end of this, you should be able to state the difference between DATE and INFORMAITON.

Data and information. Information and data By the end of this, you should be able to state the difference between DATE and INFORMAITON.
Verification & Validation. Batch processing In a batch processing system, documents such as sales orders are collected into batches of typically 50 documents.

Verification & Validation. Batch processing In a batch processing system, documents such as sales orders are collected into batches of typically 50 documents.
1 AQA ICT AS Level © Nelson Thornes 2008 Good quality data and information Data terms.

1 AQA ICT AS Level © Nelson Thornes 2008 Good quality data and information Data terms.
© OCR 2016 Motion graphs. © OCR 2016 MOTION GRAPHS LESSON ELEMENT.

© OCR 2016 Motion graphs. © OCR 2016 MOTION GRAPHS LESSON ELEMENT.
Data Capture Forms What are they?. Example 1 Example 2.

Data Capture Forms What are they?. Example 1 Example 2.
© OCR 2016 H070 Topic Title H470 Topic Title Urban Futures Learner Resource 4 – Push and Pull Factors.

© OCR 2016 H070 Topic Title H470 Topic Title Urban Futures Learner Resource 4 – Push and Pull Factors.
© OCR 2016 H070 Topic Title H470 Topic Title Rotations.

© OCR 2016 H070 Topic Title H470 Topic Title Rotations.
N5 Databases Notes Information Systems Design & Development: Structures and links.

N5 Databases Notes Information Systems Design & Development: Structures and links.
The purpose of one Christian Aid Agency

The purpose of one Christian Aid Agency
Marriage and the wedding ceremony

Marriage and the wedding ceremony
Learner Activity 2: Boltzmann Distribution Curves Part of the ‘Rates of reaction and the Arrhenius equation’ Topic Exploration Pack.

Learner Activity 2: Boltzmann Distribution Curves Part of the ‘Rates of reaction and the Arrhenius equation’ Topic Exploration Pack.
The Boltzmann Distribution

The Boltzmann Distribution
Validation and verification 1.2

Validation and verification 1.2
A Level Business Investment Appraisal Lesson Elements.

A Level Business Investment Appraisal Lesson Elements.
Vectors H070 Topic Title H470 Topic Title.

Vectors H070 Topic Title H470 Topic Title.
Burglary picture game.

Burglary picture game.

Similar presentations

Ads by Google