teach-ict.com logo

THE education site for computer science and ICT

1. Introduction to defensive design

Application software often requires a user to input information into a system. This might include

  • A username / password entry
  • Contact details
  • Current date
  • Input into a search box
  • Building up a shopping cart
  • Entering data into a database

All these methods involve that most unpredictable component of any system - people!



Defensive design is the practice of anticipating every possible way that an end-user could misuse a system or device. During the defensive design process, methods are put in place to eliminate misuse. If this is not completely possible then it will aim to minimise the negative consequences.

You know that defensive design has not been good enough when

  • The program crashes.
  • The program behaves in an unintended fashion.
  • Data security has been compromised.

This section will discuss 'defensive design' - the practice of anticipating problems and writing the appropriate code to deal with them properly.