Developing robust software

Cards (11)

  • Vulnerabilities in code
    • Vulnerabilities are flaws in code that introduce security issues into software.
    • Hackers use these vulnerabilities to break into computer systems.
    • Some programming languages contain known vulnerabilities. For example, programs written in C access computer memory directly. This allows hackers to implement a ‘back door’ into systems.
  • Bad practice
    • Many software projects contain vulnerabilities that have been introduced due to bad programming practices. Such practices include:
    • poorly planned design
    • quick fixes for problems
    • not using industry coding standards
    • poorly structured code
    • insufficient testing
  • Fixing bad practice
    • Code reviews can reduce some of these vulnerabilities. Automated reviews can be used to ensure programmers adhere to consistent standards. Programmers can review each other’s code to ensure it is compliant and doesn’t have any flaws.
    • Audit trails improve accountability by keeping track of who made what changes (and when) during the development process. Where necessary, this enables developers to restore a piece of code to the point it was at before a flaw was introduced.
  • Data validation
    • Data validation routines can ensure that data entered is of the right data type – for example, an integer.
    • Validation cannot ensure that the user has not entered a wrong value, or made a spelling mistake in a name.
    • It can only ensure that the data is reasonable and conforms to a set of rules.
  • Range check
    A number or date is within a sensible/allowed range
  • Length check
    Text entered is not too long or too short – for example, a password is between 8 and 15 characters
  • Presence check
    Checks that data has been entered, i.e. the field has not been left blank
  • Pattern/format check
    Checks that the format of, for example, a postcode or email address is correct
  • Verification
    • Verification is used to double-check that the data has been typed in correctly.
  • Audit trails
    • Some information that may be in an audit trail:
    • Username that is running the code
    • What time an error or transaction occurred
    • Any error codes or transaction results
    • Files or networks accessed
  • Code reviews
    • A code review allows another programmer to check over your code.
    • This technique allows a second person to:
    • Consider if there are any security problems with the code
    • Suggest alternative better methods or algorithms that could be used
    • Suggest ways that will make the code easier to understand
    • New or inexperienced team members are able to learn from more experienced programmers.