Copy and paste from the following data to produce each assessment task. Write these in plain English and spell out how, when and where the task is to be carried out, under what conditions, and what resources are needed. Include guidelines about how well the candidate has to perform a task for it to be judged satisfactory.
Required skills
analytical skills to:
deal with common programming security problems
identify security weaknesses in existing code
literacy skills to evaluate complex and varied information and concepts in software security
planning and organisational skills to ensure privacy for users and protect sensitive user data
problem-solving skills to develop and refine security access control strategies
technical skills to:
use security configuration tools
write secure code for applications.
Required knowledge
basic hardware and networking knowledge
basic programming algorithms
detailed knowledge of object-oriented programming
maths at a basic level.
The range statement relates to the unit of competency as a whole. It allows for different work environments and situations that may affect performance. Bold italicised wording, if used in the performance criteria, is detailed below. Essential operating conditions that may be present with training and assessment (depending on the work situation, needs of the candidate, accessibility of the item, and local industry and regional contexts) may also be included.
Application security may include:
code protection
cryptography
injections
security access control (SAC): authentication and authorisation.

Security configuration tools may include:
Java Policy Tool (policytool.exe) for setting code-based and principal-based security policies
.NET security configuration files: enterprise, machine and user
.NET security configuration tools: Caspol.exe and Mscorcfg.msc.

Code access permission may include:
file system rights and authorisation
java.security.Permission or java.security.BasicPermission
.NET Code Access Permission class.

Authentication and authorisation strategy may include:
certificate management
login mechanism
membership provider
role-based security
user access control (UAC)
web service rights and authentication.

Cryptographic algorithms may include:
asymmetric
hashes
password-based encryption
signatures
symmetric.

Secure input and output handling may include:
escaping input
encoding
input validation
output encoding
parameterised structured query language (SQL) queries.
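As an added illustration (not part of the unit's own material), the input validation, parameterised SQL and output encoding items in the last range statement shown together in Python using the standard sqlite3 and html modules; the user table, the username rule and the inputs are constructed for this example.

```python
import html
import re
import sqlite3


def build_db():
    # Constructed sample data: an in-memory table standing in for an application's user store.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, display_name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "Alice <Admin>"), ("bob", "Bob")])
    return conn


def lookup_unsafe(conn, username):
    # String concatenation: the caller's input becomes part of the SQL text,
    # so a quote in the input changes the meaning of the statement.
    sql = "SELECT display_name FROM users WHERE username = '" + username + "'"
    return [row[0] for row in conn.execute(sql)]


# Assumed validation rule for this example: lower-case letters, digits and underscore only.
USERNAME_RE = re.compile(r"^[a-z0-9_]{1,32}$")


def is_valid_username(username):
    # Input validation: accept only the expected character set and length.
    return bool(USERNAME_RE.match(username))


def lookup_parameterised(conn, username):
    # Parameterised query: the input is bound as a value and is never parsed as SQL,
    # so even an unvalidated quote-containing string matches no row.
    rows = conn.execute("SELECT display_name FROM users WHERE username = ?", (username,))
    return [row[0] for row in rows]


def lookup_safe(conn, username):
    # Defence in depth: validate first, then query with a bound parameter.
    if not is_valid_username(username):
        raise ValueError("invalid username")
    return lookup_parameterised(conn, username)


def render_greeting(display_name):
    # Output encoding: escape the stored value before placing it in HTML
    # so "<Admin>" is shown as text rather than interpreted as a tag.
    return "<p>Hello, " + html.escape(display_name) + "</p>"
```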
Copy and paste from the following performance criteria to create an observation checklist for each task. When you have finished writing your assessment tool, every one of these must have been addressed, preferably several times in a variety of contexts. To ensure this occurs, download the assessment matrix for the unit; enter each assessment task as a column header and place a check mark against each performance criterion that the task addresses.
Observation Checklist