
Secure software architecture

This lesson comprises eight (8) master classes focusing on:

  • Developing secure software
  • Security concepts in programming
  • Resilience of software
  • Application programming interface
  • Social, ethical and legal issues in software development

Content:


Designing software

  • Describe the benefits of developing secure software, including:
    • data protection
    • minimising cyber attacks and vulnerabilities
  • Interpret and apply fundamental software development steps to develop secure code, including:
    • requirements definition
    • determining specifications
    • design
    • development
    • integration
    • testing and debugging
    • installation
    • maintenance
  • Describe how the capabilities and experience of end users influence the secure design features of software

 

Developing secure code

  • Explore fundamental software design security concepts when developing programming code, including:
    • confidentiality
    • integrity
    • availability
    • authentication
    • authorisation
    • accountability
  • Apply security features incorporated into software including data protection, security, privacy and regulatory compliance
  • Use and explain the contribution of cryptography and sandboxing to the ‘security by design’ approach in the development of software solutions
  • Use and explain the ‘privacy by design’ approach in the development of software solutions, including:
    • proactive not reactive approach
    • embed privacy into design
    • respect for user privacy
  • Test and evaluate the security and resilience of software by determining vulnerabilities, hardening systems, handling breaches, maintaining business continuity and conducting disaster recovery
  • Apply and evaluate strategies used by software developers to manage the security of programming code, including:
    • code review
    • static application security testing (SAST)
    • dynamic application security testing (DAST)
    • vulnerability assessment
    • penetration testing
  • Design, develop and implement code using defensive data input handling practices, including input validation, sanitisation and error handling
  • Design, develop and implement a safe application programming interface (API) to minimise software vulnerabilities
  • Design, develop and implement code considering efficient execution for the user, including:
    • memory management
    • session management
    • exception management
  • Design, develop and implement secure code to minimise vulnerabilities in user action controls, including:
    • broken authentication and session management
    • cross-site scripting (XSS) and cross-site request forgery (CSRF)
    • invalid forwarding and redirecting
    • race conditions
  • Design, develop and implement secure code to protect user files and hardware from vulnerabilities to file attacks and side channel attacks

 

Impact of safe and secure software development

  • Apply and describe the benefits of collaboration to develop safe and secure software, including:
    • considering various points of view
    • delegating tasks based on expertise
    • quality of the solution
  • Investigate and explain the benefits to an enterprise of the implementation of safe and secure development practices, including:
    • improved products or services
    • influence on future software development
    • improved work practices
    • productivity
    • business interactivity
  • Evaluate the social, ethical and legal issues and ramifications that affect people and enterprises resulting from the development and implementation of safe and secure software, including:
    • employment
    • data security
    • privacy
    • copyright
    • intellectual property
    • digital disruption