NTISthis.com

Evidence Guide: ICTPRG507 - Implement security for applications

Student: __________________________________________________

Signature: _________________________________________________

Tips for gathering evidence to demonstrate your skills

The important thing to remember when gathering evidence is that the more evidence the better - that is, the more evidence you gather to demonstrate your skills, the more confident an assessor can be that you have learned the skills not just at one point in time, but are continuing to apply and develop those skills (as opposed to just learning for the test!). Furthermore, one piece of evidence that you collect will not usually demonstrate all the required criteria for a unit of competency, whereas multiple overlapping pieces of evidence will usually do the trick!

From the Wiki University

 

ICTPRG507 - Implement security for applications

What evidence can you provide to prove your understanding of each of the following criteria?

Implement policy-based code-access security in an application

  1. Identify the purpose of application security in software development
  2. Configure the platform security configuration files using security configuration tools
  3. Define a custom code access permission, to restrict access to protected resources or to run protected operations

Identify the purpose of application security in software development

Completed
Date:

Teacher:
Evidence:

Configure the platform security configuration files using security configuration tools

Completed
Date:

Teacher:
Evidence:

Define a custom code access permission, to restrict access to protected resources or to run protected operations

Completed
Date:

Teacher:
Evidence:

Implement security access control in an application

  1. Plan an authentication and authorisation strategy
  2. Develop an appropriate authentication and authorisation strategy for an application

Plan an authentication and authorisation strategy

Completed
Date:

Teacher:
Evidence:

Develop an appropriate authentication and authorisation strategy for an application

Completed
Date:

Teacher:
Evidence:

Write code to encrypt and decrypt data for secure communication

  1. Analyse the standard cryptographic algorithms
  2. Encrypt, and decrypt, data using standard cryptographic algorithms

Analyse the standard cryptographic algorithms

Completed
Date:

Teacher:
Evidence:

Encrypt, and decrypt, data using standard cryptographic algorithms

Completed
Date:

Teacher:
Evidence:

Protect an application against injections

  1. Plan secure input and output handling, to prevent vulnerabilities related to code injections
  2. Use secure input and output handling

Plan secure input and output handling, to prevent vulnerabilities related to code injections

Completed
Date:

Teacher:
Evidence:

Use secure input and output handling

Completed
Date:

Teacher:
Evidence:

Assessed

Teacher: ___________________________________ Date: _________

Signature: ________________________________________________

Comments:

Instructions to Assessors

Evidence Guide

ELEMENT

PERFORMANCE CRITERIA

Elements describe the essential outcomes.

Performance criteria describe the performance needed to demonstrate achievement of the element.

1. Implement policy-based code-access security in an application

1.1 Identify the purpose of application security in software development

1.2 Configure the platform security configuration files using security configuration tools

1.3 Define a custom code access permission, to restrict access to protected resources or to run protected operations

2. Implement security access control in an application

2.1 Plan an authentication and authorisation strategy

2.2 Develop an appropriate authentication and authorisation strategy for an application

3. Write code to encrypt and decrypt data for secure communication

3.1 Analyse the standard cryptographic algorithms

3.2 Encrypt, and decrypt, data using standard cryptographic algorithms

4. Protect an application against injections

4.1 Plan secure input and output handling, to prevent vulnerabilities related to code injections

4.2 Use secure input and output handling

Required Skills and Knowledge

Evidence of the following must be provided:

creating secure applications

planning effective security strategies

ensuring safe communications

preventing security attacks.

Note: If a specific volume or frequency is not stated, then evidence must be provided at least once.

Evidence of the ability to:

outline basic hardware, and networking

outline basic programming algorithms

explain object-oriented programming

recognise the mathematics required for programming algorithms.