Defensive Programming
Defensive programming is an approach to improving software and source code in terms of:
SECURE PROGRAMMING

Defensive programming is sometimes referred to as secure programming by computer scientists who state that this approach minimizes bugs. Software bugs can potentially be used by an attacker (cracker) for code injection, a denial-of-service attack or other attacks. A difference between defensive programming and normal practice is that few assumptions are made by the programmer, who attempts to handle all possible error states. In short, the programmer never assumes that a particular function call or library will work as advertised, and so handles the failure case in the code. An example follows:
```c
#include <string.h>

int risky_programming(const char *input)
{
    char str[64];          /* fixed-size buffer; the original size was lost in extraction, 64 is illustrative */
    strcpy(str, input);    /* copy input: nothing checks that input fits in str */
    /* ... */
    return 0;
}
```

The function will crash on very long input. Many mainstream programmers may not feel that this is a problem because "surely no one will enter that long an input!". A programmer practising defensive programming would not allow the bug, because if the application contains a known bug, Murphy's Law dictates that the bug will occur in use. This particular bug is a vulnerability that enables buffer overflow exploits: input longer than the buffer overwrites whatever lies beyond it in memory.

SOME DEFENSIVE PROGRAMMING TECHNIQUES

Here are some defensive programming techniques suggested by leading computer scientists to avoid creating security problems and software bugs. These computer scientists state that while this process can improve the general quality of code, it is not sufficient to ensure security. See the articles Computer Insecurity and Secure Computing for more information. Defensive software programming principles described by leading proponents include:

Reduce source code complexity

Never make code more complex than necessary. Complexity breeds bugs, including security problems. This goal can conflict with the goal of writing programs that can recover from any error and handle any user input: handling all unexpected occurrences in a program requires the programmer to add extra code, which may itself contain bugs.

Source code reviews

A source code review is where someone other than the original author performs a code audit. A do-it-yourself security audit is insufficient: the review must be made by a non-author, just as a book must be proofread by someone other than its author. Simply making the code available for others to read (see Free Software or Open Source Definition) is also insufficient: there is no guarantee that the code will ever be looked at, let alone that it will be rigorously reviewed.
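As an added example (not code from the original article), the following C program shows the defensive counterpart of the risky copy above: the copy refuses any input that would not fit, including the off-by-one case where the string fills the buffer but leaves no room for the terminating NUL. It also includes a small harness that feeds the function deliberately bad input, as the testing section recommends. The buffer size STR_LEN, the function names and the probe strings are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

#define STR_LEN 16   /* fixed-size destination buffer; size chosen for illustration */

/* Bounded copy: returns 0 on success, -1 if the input does not fit (dst becomes "").
 * Unlike strcpy, it never trusts the caller to have checked the length. */
int safe_copy(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL || dst_size == 0) {
        return -1;
    }
    /* Bounded scan: stops at dst_size even if src has no terminator in range. */
    size_t len = 0;
    while (len < dst_size && src[len] != '\0') {
        len++;
    }
    if (len >= dst_size) {          /* no room left for the terminating NUL */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, len + 1);      /* copy the bytes and the NUL */
    return 0;
}

/* Same shape as the risky function above, but the copy is bounds-checked. */
int defensive_programming(const char *input)
{
    char str[STR_LEN];
    return safe_copy(str, sizeof str, input);
}

/* Test with deliberately bad input: returns how many probes were rejected.
 * The probes are constructed for this example. */
int count_rejected(void)
{
    const char *probes[] = {
        "short",                                        /* fits */
        "exactly15chars!",                              /* 15 bytes + NUL: the largest that fits */
        "0123456789abcdef",                             /* 16 bytes: fills the buffer, no room for NUL */
        "this input is much longer than the buffer allows"
    };
    int rejected = 0;
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        if (defensive_programming(probes[i]) != 0) {
            rejected++;
        }
    }
    return rejected;
}

int main(void)
{
    printf("probes rejected: %d of 4\n", count_rejected());
    return 0;
}
```

The 16-byte probe is the one a naive `strlen(input) > sizeof str` check gets wrong; comparing with `>=` against the buffer size is what keeps the terminator inside the buffer.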
Software testing

Software testing should cover both whether the software works as intended and what is supposed to happen when deliberately bad input is supplied. Testing tools can capture the keystrokes associated with normal operations; the captured keystroke strings can then be copied and edited to try out permutations of the input combinations, and extended for later tests after any modification. Proponents of key logging state that programmers who use this method should make sure that the people whose keystrokes are being captured are aware of this, and for what purpose, to avoid accusations of privacy violation.

Intelligent source code reuse

If possible, reuse code instead of writing from scratch. The idea is to capture the benefits of well-written and well-tested source code, instead of creating unnecessary bugs. However, reusing code is not always the best way forward, particularly when business logic is involved; reuse in that case may cause serious business process bugs.

The legacy problems

Before reusing old source code, libraries, APIs, configurations and so forth, it must be considered whether the old work is valid for reuse, or whether it is likely to be prone to legacy problems. Legacy problems are problems inherent in expecting old designs to work with today's requirements, especially when the old designs were not developed or tested with those requirements in mind. Many software products have experienced problems with old legacy source code, for example:
Notable examples of the legacy problem: