Defensive programming is a form of defensive design
intended to ensure the continuing function of a piece of software under
unforeseen circumstances. Defensive programming practices are often
used where high availability, safety or security is needed. – Wikipedia
What Is Defensive Programming?
Introduction
Defensive programming is a form of defensive design intended to ensure the continuing function of a piece of software under unforeseen circumstances. Defensive programming practices are often used where high availability, safety or security is needed.
Advantages
Defensive programming is an approach to improve software and source code, in terms of:
- General quality
- Making the source code comprehensible
- Making the software behave in a predictable manner
Drawback
Overly defensive programming, however, may safeguard against errors that will never be encountered, thus incurring run-time and maintenance costs. There is also the risk that the code traps or prevents too many exceptions, potentially resulting in unnoticed, incorrect results.
Secure Programming
Secure programming is the subset of defensive programming concerned with computer security. That is to say, security is the concern, not necessarily safety or availability. As with all kinds of defensive programming, avoiding bugs is a primary objective; however, the motivation is not so much to reduce the likelihood of failure in normal operation as to reduce the attack surface.
Offensive Programming
Offensive programming is a category of defensive programming, with the added emphasis that certain errors should not be handled defensively. In this practice, only errors from outside the program's control (such as user input) are to be handled; the software itself, as well as data from within the program's line of defense, is to be trusted in this methodology.
Rules
- Encrypt & authenticate all important data transmitted over networks.
- Do not attempt to implement your own encryption scheme, use a proven one instead.
- All data is important until proven otherwise.
- All data is tainted until proven otherwise.
- All code is insecure until proven otherwise.
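The "all data is tainted until proven otherwise" rule and the offensive-programming split described above, together with the catch-everything pitfall from the Drawback section, shown as an added example that is not part of the original article. The names `Transfer`, `parse_transfer`, `debit`, `debit_overdefensive` and `InvariantViolation`, and the field limits, are assumptions made for the illustration.

```python
import json
from dataclasses import dataclass

class InvariantViolation(RuntimeError):
    """Internal bug: raised loudly, never swallowed (hypothetical name)."""

@dataclass(frozen=True)
class Transfer:
    account: str
    cents: int

def parse_transfer(raw: str) -> Transfer:
    """Trust boundary: external data is tainted until every field is proven valid."""
    try:
        doc = json.loads(raw)
    except json.JSONDecodeError as exc:
        raise ValueError("body is not valid JSON") from exc
    if not isinstance(doc, dict):
        raise ValueError("body must be a JSON object")
    account, cents = doc.get("account"), doc.get("cents")
    if not (isinstance(account, str) and account.isascii()
            and account.isalnum() and len(account) <= 16):
        raise ValueError("account must be 1-16 ASCII alphanumerics")
    # bool is a subclass of int in Python, so reject it explicitly.
    if isinstance(cents, bool) or not isinstance(cents, int) or not 0 < cents <= 1_000_000:
        raise ValueError("cents must be an integer in 1..1000000")
    return Transfer(account, cents)

def debit(balance: int, t: Transfer) -> int:
    """Inside the boundary: trust validated data, fail fast on impossible states."""
    if t.cents <= 0:  # reachable only through a bug in our own code
        raise InvariantViolation("unvalidated Transfer reached debit()")
    if t.cents > balance:
        raise ValueError("insufficient funds")  # expected, recoverable error
    return balance - t.cents

def debit_overdefensive(balance: int, t: Transfer) -> int:
    """Anti-pattern: trap every exception and keep running."""
    try:
        return debit(balance, t)
    except Exception:
        return balance  # the bug is hidden; the caller sees a plausible result
```

An explicit `raise` is used for the internal check because Python removes `assert` statements when run with `-O`.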
Do You Write Defensive Code?