Google Links
Follow the links below to find material targeted to the unit's elements, performance criteria, required skills and knowledge
Required Skills
deal with common programming security problems
identify security weaknesses in existing code
literacy skills to evaluate complex and varied information and concepts in software security
planning and organisational skills to ensure privacy for users and protect sensitive user data
problemsolving skills to develop and refine security access control strategies
use security configuration tools
write secure code for application
basic hardware and networking knowledge
Evidence Required
Range Statement
Application security may include: | code protectioncryptographyinjectionssecurity access control (SAC):authenticationauthorisation. |
Security configuration tools may include: | Java Policy Tool (policytool.exe) for setting code and principal-based security policies.NET security configuration files:enterprisemachineuser.NET security configuration tools:Caspol.exeMscorcfg.msc. |
Code access permission may include: | file system rights and authorisationjava.security.Permission or java.security.BasicPermissionNET Code Access Permission class. |
Authentication and authorisation strategy may include: | certificate managementlogin mechanism membership providerrole-based securityuser access control (UAC)web service rights and authentication. |
Cryptographic algorithms may include: | asymmetrichashespassword-based encryptionsignaturessymmetric. |
Secure input and output handling may include: | escapinginput encodinginput validationoutput encodingparameterised structured query language (SQL) queries. |