How to Avoid Bugs and Vulnerabilities Using Defensive Programming


Defensive programming

Defensive programming is a strange combination of eliminating unnecessary code while ensuring enough code is written

Programming is only a set of instructions logically arranged for the machine to perform a required task. An average program runs for at least a few thousand lines and errors are inevitable. Coding errors can result either from inefficient coding habits and may prove disastrous for the security, stability, and quality of the code. One of the better ways to prevent errors is to have guardrails, more from the programmer’s side than as dictated ones. Defensive programming is one such programming practice mostly adopted by programmers to handle errors efficiently. Well, for a novice, it’s a part of programming, ie, normal programming. Normal programming can eliminate certain errors and bugs and this happens when you know what errors one may encounter. A programmer would know in advance the errors that accompany checking for null or in the case of validating user input. Sometimes an embedded code can return unknown_error the developer is vaguely aware of why it is happening. Here comes the Defensive Programming to rescue.

What is Defensive Programming?

It is a programming practice meant to prevent errors and vulnerabilities in software programming for unforeseen situations. Defensive programming lets developers detect potential security abnormalities so that the program responds in a predetermined fashion. Defensive programming techniques include a strange combination of eliminating unnecessary code while ensuring enough code is written to be able to address all possible user actions. Apart, the code should be easy to audit for extensive testing.

What should we be defensive about?

Coding errors, although unforeseen can be categorized. They happen when a client’s requirements keep changing constantly, replacement of infrastructure, time pressure, or it can also be legacy issues. Just addressing the issues below can eliminate hopelessness when the right code doesn’t turn out to be productive.

Incorrect entries: Correct input equals correct output. No one can disagree with that. But at the end of the day, human error is quite something. Developers court this problem by including appropriate user entry validation.

Invalid operations:

Avoiding invalid results is possible only by passing the right arguments into the operations involved. Following unit testing ensures an extra layer of quality.

System breakdown:

There will always be a possibility of the system going down and taking away the code with it. Certain exceptions like checks and manages are added as part of defensive programming, like checking for network availability before saving data and calling an exception when the network is down, and saving data locally until the network restores.

Future Developers

When a project moves hands, it is subject to review and refactoring by the new team. A complex code if not written neatly can be modified without regard to the effect it can bring to the code. It happens when the newbie developer tries to change the code without having a comprehensive understanding of the code. A defensive programmer, keeping these difficulties in view, will ensure the code is simple to understand.

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *