SlideShare a Scribd company logo

Code - Fu: Defensive Programming

Download as PPTX, PDF
S
SovTech (Scrums.com)

The document discusses defensive programming, highlighting its importance in anticipating failure points to enhance software reliability, safety, and security. Key practices include data validation, enforcing coding standards, and writing maintainable code to avoid bugs and ensure robustness. It emphasizes the necessity of being vigilant about user input and the importance of teamwork in programming.

Software
Related topics:
Insights on Software Development
1 of 15
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
Code- Fu: Defensive Programming With great power comes great responsibility ~ Peter Paker’s Dad’s Brother Ben
1980 A radiation therapy machine was directly responsible for at least 5 patient deaths 1996 A US$1 billion exploded 40 seconds after takeoff 2012 Apple Maps gives us directions to nowhere 2016 ABSA bank double charges clients Why learn another design pattern? Because: BUGS!
Intro to Code-Fu Defensive programming, simply put, is programming with the intent to anticipate likely failure points. Defensive programming practices are often used where high reliability, safety or security is needed.
Intro to Code-Fu cont... Defensive programming aims to improve software and source code, in terms of: 1. General quality (reduce bugs) 2. Comprehensive code a. Clean b. Readable c. Understandable d. Reliable e. Maintainable f. Testable g. Robustness 3. Predictable behaviour
Mastering the ways of Code-Fu Defensive programming is really programming for the real world where if anything can go wrong it will.
Real world programs 1. Are not in isolation, you can expect user input or external input 1. Are built & maintained by teams and the individuals making the team can change over time (imagine open source projects) 1. Need to work
External/User input ● Never trust external/user input ● Remember there are also users with malicious intent What helps ● Protect your code from invalid data (data validation) ● User whitelists not blacklists ● Use database abstraction (e.g. PDO for PHP)
We work in Teams ● Trust your fellow developers but DON’T trust their code ● Defensive Programming is much like Defensive Driving assume that everyone around us can potentially and possibly make mistakes. ● Teams can consists of individuals working from different planets What helps ● Enforcing coding standards (naming conversions included) ● Write SOLID code (Encapsulation) ● Write code for the maintainer (The maintainer can be future you) ● Parameter checks at the beginning of a function/method ● Unit tests, Regression testing, Integration tests
Bad programming // ES5
Check params + Encapsulation // ES5
Programs need to work ● Imagine paying R200 per month for Software that works 30% of the time What helps ● Add diagnostic code, logging and tracing (Bugsnag/Sentry) ● Security tests
As a Defensive programmer you need to have a healthy dosage of paranoia
Too much Paranoia
Good/Bad?
QUESTIONS?

More Related Content

PPTX
Code - Fu: Defensive Programming
Nyarai Tinashe Gomiwa
 
PDF
The pragmatic programmer
Joel Corrêa
 
PDF
Exception handling in Ruby
Amit Patel
 
PDF
Some Myths in Software Development
bryanbibat
 
PPTX
Cs2 Ch1
Reynolds SD
 
PPTX
Competitive Programming
Ritesh Reddy
 
PPTX
Software construction and development.pptx
FaizanAli393009
 
PPTX
1606125427-week8.pptx
SumbalIlyas1
 
Code - Fu: Defensive Programming
Nyarai Tinashe Gomiwa
 
The pragmatic programmer
Joel Corrêa
 
Exception handling in Ruby
Amit Patel
 
Some Myths in Software Development
bryanbibat
 
Cs2 Ch1
Reynolds SD
 
Competitive Programming
Ritesh Reddy
 
Software construction and development.pptx
FaizanAli393009
 
1606125427-week8.pptx
SumbalIlyas1
 

Similar to Code - Fu: Defensive Programming (20)

PPTX
Defensive programming
Mark Reynolds
 
PDF
Defensive Coding Crash Course
Mark Niebergall
 
PPTX
Eirtight writing secure code
Kieran Dundon
 
PDF
Defensive Coding Crash Course Tutorial
Mark Niebergall
 
PDF
Defensive Coding Crash Course - ZendCon 2017
Mark Niebergall
 
PPTX
secure coding techniques unit-iii material
Sri Latha
 
DOCX
Defensive coding practices is one of the most critical proactive s
LinaCovington707
 
PPTX
Developing Better Software
Hean Hong Leong
 
PPTX
An Introduction To Software Development - Implementation
Blue Elephant Consulting
 
PDF
OWASP Secure Coding Quick Reference Guide
Aryan G
 
PDF
Why Data Security Should Be a Priority in Your Software Development Strategy?
Mars Devs
 
PPTX
Best Practices for Embedding Security in the Development Stage
Covrize IT Solutions Private Limited
 
PDF
Linux Commands, C, C++, Java and Python Exercises For Beginners
Manjunath.R -
 
PDF
Fixing security by fixing software development
Nick Galbreath
 
PPTX
LOW LEVEL DESIGN INSPECTION SECURE CODING
Sri Latha
 
PDF
Designing software with security in mind?
Omegapoint Academy
 
PDF
App sec and quality london - may 2016 - v0.5
Dinis Cruz
 
PPTX
DefensiveProgramming (1).pptx
azida3
 
PPTX
Software Security : From school to reality and back!
Peter Hlavaty
 
DOC
Coding
Tasneem Siddiq
 
Defensive programming
Mark Reynolds
 
Defensive Coding Crash Course
Mark Niebergall
 
Eirtight writing secure code
Kieran Dundon
 
Defensive Coding Crash Course Tutorial
Mark Niebergall
 
Defensive Coding Crash Course - ZendCon 2017
Mark Niebergall
 
secure coding techniques unit-iii material
Sri Latha
 
Defensive coding practices is one of the most critical proactive s
LinaCovington707
 
Developing Better Software
Hean Hong Leong
 
An Introduction To Software Development - Implementation
Blue Elephant Consulting
 
OWASP Secure Coding Quick Reference Guide
Aryan G
 
Why Data Security Should Be a Priority in Your Software Development Strategy?
Mars Devs
 
Best Practices for Embedding Security in the Development Stage
Covrize IT Solutions Private Limited
 
Linux Commands, C, C++, Java and Python Exercises For Beginners
Manjunath.R -
 
Fixing security by fixing software development
Nick Galbreath
 
LOW LEVEL DESIGN INSPECTION SECURE CODING
Sri Latha
 
Designing software with security in mind?
Omegapoint Academy
 
App sec and quality london - may 2016 - v0.5
Dinis Cruz
 
DefensiveProgramming (1).pptx
azida3
 
Software Security : From school to reality and back!
Peter Hlavaty
 
Coding
Tasneem Siddiq
 
Ad

Recently uploaded (20)

PPTX
Lecture 3: Operating Systems Introduction to Computer Hardware Systems
hci7se
 
PPTX
Transform Your Business with a Software ERP System
Canada Software Company
 
PDF
Audit Checklist Design Aligning with ISO, IATF, and Industry Standards — Omne...
rohnjim07
 
PDF
Why TechBuilder is the Future of Pickup and Delivery App Development (1).pdf
TechBuilder
 
PDF
Upgrade and Innovation Strategies for SAP ERP Customers
Virendra Rai, PMP
 
PPTX
VVF-Customer-Presentation2025-Ver1.9.pptx
blackmambaettijean
 
PDF
2025 Textile ERP Trends: SAP, Odoo & Oracle
Aetos Technologies
 
PDF
EN-Survey-Report-SAP-LeanIX-EA-Insights-2025.pdf
deepakkhaitan3
 
PDF
medical staffing services at VALiNTRY
Tiyan Grayson
 
PDF
Raksha Bandhan Grocery Pricing Trends in India 2025.pdf
Actowiz Solustions
 
PDF
How to Migrate SBCGlobal Email to Yahoo Easily
raymondjones7273
 
PDF
Nekopoi APK 2025 free lastest update
umarali35kp
 
PDF
System and Network Administration Chapter 2
jaramharo
 
PDF
Addressing The Cult of Project Management Tools-Why Disconnected Work is Hold...
OnePlan Solutions
 
PDF
Flood Susceptibility Mapping Using Image-Based 2D-CNN Deep Learnin. Overview ...
lawrenceomai2
 
PDF
Understanding Forklifts - TECH EHS Solution
TECH EHS Solution
 
PPTX
Agentic AI : A Practical Guide. Undersating, Implementing and Scaling Autono...
IT IDOL Technologies
 
PDF
Which alternative to Crystal Reports is best for small or large businesses.pdf
Varsha Nayak
 
PDF
Wondershare Filmora 15 Crack With Activation Key [2025
ghrom2211g
 
PPTX
Oracle E-Business Suite: A Comprehensive Guide for Modern Enterprises
Conacent Consulting
 
Lecture 3: Operating Systems Introduction to Computer Hardware Systems
hci7se
 
Transform Your Business with a Software ERP System
Canada Software Company
 
Audit Checklist Design Aligning with ISO, IATF, and Industry Standards — Omne...
rohnjim07
 
Why TechBuilder is the Future of Pickup and Delivery App Development (1).pdf
TechBuilder
 
Upgrade and Innovation Strategies for SAP ERP Customers
Virendra Rai, PMP
 
VVF-Customer-Presentation2025-Ver1.9.pptx
blackmambaettijean
 
2025 Textile ERP Trends: SAP, Odoo & Oracle
Aetos Technologies
 
EN-Survey-Report-SAP-LeanIX-EA-Insights-2025.pdf
deepakkhaitan3
 
medical staffing services at VALiNTRY
Tiyan Grayson
 
Raksha Bandhan Grocery Pricing Trends in India 2025.pdf
Actowiz Solustions
 
How to Migrate SBCGlobal Email to Yahoo Easily
raymondjones7273
 
Nekopoi APK 2025 free lastest update
umarali35kp
 
System and Network Administration Chapter 2
jaramharo
 
Addressing The Cult of Project Management Tools-Why Disconnected Work is Hold...
OnePlan Solutions
 
Flood Susceptibility Mapping Using Image-Based 2D-CNN Deep Learnin. Overview ...
lawrenceomai2
 
Understanding Forklifts - TECH EHS Solution
TECH EHS Solution
 
Agentic AI : A Practical Guide. Undersating, Implementing and Scaling Autono...
IT IDOL Technologies
 
Which alternative to Crystal Reports is best for small or large businesses.pdf
Varsha Nayak
 
Wondershare Filmora 15 Crack With Activation Key [2025
ghrom2211g
 
Oracle E-Business Suite: A Comprehensive Guide for Modern Enterprises
Conacent Consulting
 
Ad

Code - Fu: Defensive Programming

  • 1. Code- Fu: Defensive Programming With great power comes great responsibility ~ Peter Paker’s Dad’s Brother Ben
  • 2. 1980 A radiation therapy machine was directly responsible for at least 5 patient deaths 1996 A US$1 billion exploded 40 seconds after takeoff 2012 Apple Maps gives us directions to nowhere 2016 ABSA bank double charges clients Why learn another design pattern? Because: BUGS!
  • 3. Intro to Code-Fu Defensive programming, simply put, is programming with the intent to anticipate likely failure points. Defensive programming practices are often used where high reliability, safety or security is needed.
  • 4. Intro to Code-Fu cont... Defensive programming aims to improve software and source code, in terms of: 1. General quality (reduce bugs) 2. Comprehensive code a. Clean b. Readable c. Understandable d. Reliable e. Maintainable f. Testable g. Robustness 3. Predictable behaviour
  • 5. Mastering the ways of Code-Fu Defensive programming is really programming for the real world where if anything can go wrong it will.
  • 6. Real world programs 1. Are not in isolation, you can expect user input or external input 1. Are built & maintained by teams and the individuals making the team can change over time (imagine open source projects) 1. Need to work
  • 7. External/User input ● Never trust external/user input ● Remember there are also users with malicious intent What helps ● Protect your code from invalid data (data validation) ● User whitelists not blacklists ● Use database abstraction (e.g. PDO for PHP)
  • 8. We work in Teams ● Trust your fellow developers but DON’T trust their code ● Defensive Programming is much like Defensive Driving assume that everyone around us can potentially and possibly make mistakes. ● Teams can consists of individuals working from different planets What helps ● Enforcing coding standards (naming conversions included) ● Write SOLID code (Encapsulation) ● Write code for the maintainer (The maintainer can be future you) ● Parameter checks at the beginning of a function/method ● Unit tests, Regression testing, Integration tests
  • 10. Check params + Encapsulation // ES5
  • 11. Programs need to work ● Imagine paying R200 per month for Software that works 30% of the time What helps ● Add diagnostic code, logging and tracing (Bugsnag/Sentry) ● Security tests
  • 12. As a Defensive programmer you need to have a healthy dosage of paranoia