Skip to main content

What Is Defensive Programming ?

Defensive programming is a form of defensive design intended to ensure the continuing function of a piece of software under unforeseen circumstances. Defensive programming practices are often used where high availability, safety or security is needed. – WikiPedia

What Is Defensive Programming ?

Introduction

Defensive programming is a form of defensive design intended to ensure the continuing function of a piece of software under under unforeseen circumstances. Defensive programming practices are often used where high availability, safety or security is needed.

Advantages

Defensive programming is an approach to improve software and source code, in terms of:
  • General quality
  • Making the source code comprehensible
  • Making the software behave in a predictable manner

Drawback

Overly defensive programming, however, may safeguard against errors that will never be encountered, thus incurring run-time and maintenance costs. There is also the risk that the code traps or prevents too many exceptions, potentially resulting in unnoticed, incorrect results.

Secure Programming

Secure programming is the subset of defensive programming concerned with computer security. That is to say, security is the concern, not necessarily safety or availability. As with all kinds of defensive programming, avoiding bugs is a primary objective, however the motivation is not as much to reduce the likelihood of failure is normal operation, but to reduce the attack surface.

Offensive Programming

Offensive Programming is a category of defensive programing, with the added emphasis that certain errors should not be handled defensively. In this practice, only error from outside the program’s control are to be handled (such as user input); the software itself, as well as data from within the program’s line of defense, are to be trusted in this methodology.

Rules

  • Encrypt & authenticate all important data transmitted over networks.
  • Do not attempt to implement your own encryption scheme, use a proven one instead.
  • All data is important until proven otherwise.
  • All data is tainted until proven otherwise.
  • All code is insecure until proven otherwise.
Do You Write Defensive Code?

Comments

Popular posts from this blog

What is the difference between a direct and an indirect address instruction ?

Direct addressing means the instruction refers directly to the address being accessed. That is, the instruction encoding itself contains the address of the location. Depending on the instruction set, it may also allow computing a small index relative to the address. When used that way, you can think of that as a direct-indexed mode. (Note: Some processors call ‘direct’ mode ‘absolute’, such as the 6502.)

Indirect addressing uses an address held in a register or other location to determine what memory location to read or write. The idea here is that the instruction itself isn’t directly telling you the address to access, but rather indirectly telling the CPU where to find that address. The processor may also allow you to add a small offset to the indirect address, giving an indirect-indexed addressing mode.
Also Read : 5 Best Terminal Emulators for Linux The 6502 one is a little quirky: The 6502 doesn’t have general-purpose registers large enough to store addresses, so i…

What is ASP.NET? and it's ARCHITECTURE

What is ASP.Net?ASP.Net is a web development platform provided by Microsoft. It is used for creating web-based applications. ASP.Net was first released in the year 2002.
The first version of ASP.Net deployed was 1.0. The most recent version of ASP.Net is version 4.6. ASP.Net is designed to work with the HTTP protocol. This is the standard protocol used across all web applications.

ASP.Net applications can also be written in a variety of .Net languages. These include C#, VB.Net, and J#. In this chapter, you will see some basic fundamental of the .Net framework.

The full form of ASP is Active Server Pages, and .NET is Network Enabled Technologies.
ASP.NET Architecture and its Components ASP.Net is a framework which is used to develop a Web-based application. The basic architecture of the ASP.Net framework is as shown below.
 he architecture of the.Net framework is based on the following key components

Language – A variety of languages exists for .net framework. They are VB.n…