Secure Software Architecture

2. Secure Software Architecture

Legend

  • Here - found in the module

  • Moved - found in a different module

  • Implicit - covered by the process of completing this or a different module

  • Coming Soon - to be provided at a later date

  • Not Planned - not covered in this book

  • Mixed - covered across multiple statuses

Designing software

Describe the benefits of developing secure software

Including:

  • data protection
  • minimising cyber attacks and vulnerabilities

Interpret and apply fundamental software development steps to develop secure code

Including:

  • requirements definition
  • determining specifications
  • design
  • development
  • integration
  • testing and debugging
  • installation
  • maintenance

Describe how the capabilities and experience of end users influence the secure design features of software

Developing secure code

Explore fundamental software design security concepts when developing programming code

Including:

  • confidentiality
  • integrity
  • availability
  • authentication
  • authorisation
  • accountability

Apply security features incorporated into software including data protection, security, privacy and regulatory compliance

Use and explain the contribution of cryptography and sandboxing to the ‘security by design’ approach in the development of software solutions

Use and explain the ‘privacy by design’ approach in the development of software solutions

Including:

  • proactive not reactive approach
  • embed privacy into design
  • respect for user privacy

Test and evaluate the security and resilience of software by determining vulnerabilities, hardening systems, handling breaches, maintaining business continuity and conducting disaster recovery

Including:

  • determining vulnerabilities
  • hardening systems
  • handling breaches
  • maintaining business continuity
  • conducting disaster recovery

Apply and evaluate strategies used by software developers to manage the security of programming code

Including:

  • code review
  • static application security testing (SAST)
  • dynamic application security testing (DAST)
  • vulnerability assessment
  • penetration testing

Design, develop and implement code using defensive data input handling practices, including input validation, sanitisation and error handling

Design, develop and implement a safe application programming interface (API) to minimise software vulnerabilities

Design, develop and implement code considering efficient execution for the user

Design, develop and implement secure code to minimise vulnerabilities in user action controls

Design, develop and implement secure code to protect user file and hardware vulnerabilities from file attacks and side channel attacks

Impact of safe and secure software development

Apply and describe the benefits of collaboration to develop safe and secure software

Investigate and explain the benefits to an enterprise of the implementation of safe and secure development practices