Defensive programming is a form of defensive design intended to ensure the continuing function of a piece of software under unforeseen circumstances. Defensive programming practices are often used where high availability, safety or security is needed. – WikiPedia
|What Is Defensive Programming ?|
IntroductionDefensive programming is a form of defensive design intended to ensure the continuing function of a piece of software under under unforeseen circumstances. Defensive programming practices are often used where high availability, safety or security is needed.
AdvantagesDefensive programming is an approach to improve software and source code, in terms of:
- General quality
- Making the source code comprehensible
- Making the software behave in a predictable manner
DrawbackOverly defensive programming, however, may safeguard against errors that will never be encountered, thus incurring run-time and maintenance costs. There is also the risk that the code traps or prevents too many exceptions, potentially resulting in unnoticed, incorrect results.
Secure ProgrammingSecure programming is the subset of defensive programming concerned with computer security. That is to say, security is the concern, not necessarily safety or availability. As with all kinds of defensive programming, avoiding bugs is a primary objective, however the motivation is not as much to reduce the likelihood of failure is normal operation, but to reduce the attack surface.
Offensive ProgrammingOffensive Programming is a category of defensive programing, with the added emphasis that certain errors should not be handled defensively. In this practice, only error from outside the program’s control are to be handled (such as user input); the software itself, as well as data from within the program’s line of defense, are to be trusted in this methodology.
- Encrypt & authenticate all important data transmitted over networks.
- Do not attempt to implement your own encryption scheme, use a proven one instead.
- All data is important until proven otherwise.
- All data is tainted until proven otherwise.
- All code is insecure until proven otherwise.
Do You Write Defensive Code?