Reliability, safety and security

Perhaps the most important aspect that distinguishes professional developers from hobbyists is that professionals know they have a responsibility to create secure, secure solutions.

A software component must be robust against bad data, incorrect states, and incorrect interactions. It is VERY difficult to achieve this resilience – which is why we constantly read about how someone died due to a software bug.

Users will enter “bad” and incorrect data into the software. Someone will do this on purpose – in order to hack the software and get to the resources that the software represents. The employee allegedly responsible for the security breach in the American credit bureau Equifax, which was exploited by the attackers, was accused of not doing his job: he had to provide resistance to “bad” and malicious data in all software, openly published on behalf of the company …

The security challenge is not only about “bad” and malicious data, but also about normal data. For example, if a user has forgotten their password, how many times can they try to enter it? Should I block it after exhausting input attempts? What if someone deliberately tries to block a user? Should users be able to send a password over an unencrypted connection? What if someone tries to log in from an unusual location? What to do if you suspect that you are logging in automatically?

How do you protect your users from cross-site scripting and cross-site request forgery, male-in-the-middle attacks, and simple social phishing? How to develop a backup strategy in the event of a DDoS attack on servers? The listed issues are just a small part of the many issues that need to be considered when designing.

Protected programs store confidential information not in plain text, but as one-way encrypted data with difficult-to-crack algorithms. This is a backup protection in case of hacking of software and unauthorized access to data: hackers will get encrypted data, which in most cases will be useless.

An application can go into an error state and need to be fixed: even the best programs have unexpected problems. If you don’t factor this into your planning, you are not a professional developer, but just a coder with unsafe programs.

Software defects are difficult to identify. Our mind is limited in its ability to predict and prevent known defects. Therefore, software developers value good tools that help them write correct code and create secure software.