In this post on Medium.com, author Diego Mariani talks about the "Art of Defensive Programming" as it relates to the security of the code developers write.
Why don’t developers write secure code? We’re not talking yet another time about “clean code” here. We’re talking about something more, on a pure practical perspective, software’s safety and security. Yes, because an insecure software is pretty much useless. [...] Why do I think Defensive Programming is a good approach to issue these problems in certain kind of projects? [...] I personally believe this approach [of continued functionality even in unforeseen circumstances] to be suitable when you’re dealing with a big, long-lived project where many people are involved. Also for instance, with an open source project that requires a lot of extensive maintenance.
He then covers some of what he sees as key tenets of programming defensively:
- Never trust user input
- Use database abstraction
- Don’t reinvent the wheel
- Don’t trust developers
- Write SOLID code
- Write tests
For each item in the list he provides a brief summary of the idea behind it and, in some places, some example code to help illustrate the point. The examples are in PHP but the principles could be applied to just about any language.