This repository contains some of the code samples, diagrams and materials of the book "Practical Defensive Design, Defensive Programming and Quality Assurance principles"

NinjaCross/DefensiveDesign-DefensiveProgramming-QualityAssurance

Practical Defensive Design, Defensive Programming, and Quality Assurance principles

This repository contains some of the code samples, diagrams and materials of the book "Practical Defensive Design, Defensive Programming and Quality Assurance principles"

Defensive Design, Defensive Programming and Quality Assurance are vast, multi-faceted, complex topics with deep historical roots and significant ramifications across multiple aspects of IT.

[Image: book cover]

Defensive Programming is a software development technique designed to improve the robustness and reliability of code. It’s about anticipating potential problems and implementing safeguards to prevent them, in order to improve, and potentially guarantee, User Safety, Cybersecurity, System Integrity, Privacy and Data Confidentiality.

Defensive Design is its counterpart at a higher level of abstraction: it involves creating infrastructures and architectures able to host and run code written according to Defensive Programming principles. As two sides of the same coin, both involve many different aspects of programming and different strategies, depending on the kind of application and the technologies used to create it.

Quality Assurance is the means by which a consistent and unified working methodology is achieved across all of these principles. Defensive Design, Defensive Programming and Quality Assurance are practically inseparable; none of them can be effectively maintained in the long term without the others.

If you are interested, you can buy the book on Amazon

Topics

The book covers the following topics:

Section 1: General principles and landscape

  1. Defensive Design and Defensive Programming core principles
  2. KPIs (Key Performance Indicators)
  3. System health
  4. Cybersecurity misconceptions
  5. The “Defense in Depth” principle

Section 2: Defensive Design & Defensive Programming

  1. Anticipating errors and anomalies
  2. Graceful error handling
  3. Enhancing robustness and resilience
  4. Input validation
  5. Automated testing
  6. Assertions

Section 3: Cybersecurity

  1. Cybersecurity is a first-class citizen
  2. Cybersecurity posture
  3. Cybersecurity rules of thumb
  4. Software Bill Of Materials (SBOM)
  5. SemVer 2.0
  6. Knowledge bases and data formats
  7. IEC 62443
  8. Authentication vs Authorization
  9. Security models, schemas, domains
  10. Notable laws and regulations
  11. Cyber Resilience Act (CRA)

Section 4: Quality Assurance

  1. Quality Assurance principles
  2. VCS and code branch management
  3. Structured commit messages
  4. SAST & DAST
  5. The STRIDE and DREAD-D frameworks
  6. Software Development Lifecycle (SDLC)
  7. Secure Software Development Lifecycle
  8. CI/CD

Section 5: Good practices, Bad practices, and everything in-between

  1. Adopting the proper mindset
  2. Embrace the power of D.D.D.
  3. Architecture and high-level design
  4. Low-level modeling and coding best practices
  5. Your data is sacred
  6. Evolving the system
  7. Thinking like a defender
  8. All Hands, Safe and Sound
