Declaring variables

- [Instructor] One of the easiest ways to build security into your app is by understanding how to securely declare and manage variables. There are a handful of practices you can build into your dev process to help you do this. When you build security into the code itself, that's called imperative, or programmatic security. One advantage of this approach is that your security can be very detailed, very fine-grained. The downside is that security changes in this model require code changes. Declarative security, on the other hand, lives outside the code. While it may not be as detailed, it's easier to make changes to the security without requiring a code change. Keep in mind that these two models aren't mutually exclusive. You can use both in your app, choosing the best model for each specific use case. Regardless of whether you choose imperative or declarative security, you'll still want to apply security on a variable-by-variable basis. As a reminder, variables are those values within the code that can change when they need to change. Those changes are usually driven by actions that the users take, or by input the users provide to the app. One way to get ahead of potential memory errors is by enforcing type safety as you declare variables. Strings, integers, Booleans, each variable type tells your app how much space in memory each variable should need. In Java, for example, a byte or a Boolean only reserves one byte in memory, while variables like doubles and longs each reserve eight bytes. By enforcing type safety, you reduce the likelihood of unintended errors in your apps, while at the same time, reducing your app's attack surface. Another consideration you want to make when declaring variables is how your app will interact with the system on which the app is running, specifically as it pertains to resource management. As apps interact with systems, those apps have the capability to create, modify, and move system resources, as well as to destroy those resources when they're no longer needed. An attacker would love to hijack this management activity, which is only part of the reason that you need to securely approach resource management. It's also important to ensure that you're not using more than you need. Optimizing your app's resource management functions can significantly improve your app's performance. You can break resource management down into four simple categories, compute, storage, network, and memory. Determine where imperative security makes sense and where declarative security is the better option. Enforce type safety when declaring variables, ensure the app is performing resource management responsibly. A little attention to detail when declaring variables can go a long way towards securing your app.