Unit of competency
Modification History
Release |
Comments |
Release 1 |
This version first released with ICT Information and Communications Technology Training Package Version 1.0. |
Application
This unit describes the skills and knowledge required to implement security for software applications, including code access security, security access control, cryptographic and secure, input and output handling.
It applies to individuals who may be responsible for coding secure software applications and who may work as software developers, software engineers, system and security administrators, and testers.
No licensing, legislative or certification requirements apply to this unit at the time of publication.
Unit Sector
Programming and software development
Elements and Performance Criteria
ELEMENT |
PERFORMANCE CRITERIA |
Elements describe the essential outcomes. |
Performance criteria describe the performance needed to demonstrate achievement of the element. |
1. Implement policy-based code-access security in an application |
1.1 Identify the purpose of application security in software development 1.2 Configure the platform security configuration files using security configuration tools 1.3 Define a custom code access permission, to restrict access to protected resources or to run protected operations |
2. Implement security access control in an application |
2.1 Plan an authentication and authorisation strategy 2.2 Develop an appropriate authentication and authorisation strategy for an application |
3. Write code to encrypt and decrypt data for secure communication |
3.1 Analyse the standard cryptographic algorithms 3.2 Encrypt, and decrypt, data using standard cryptographic algorithms |
4. Protect an application against injections |
4.1 Plan secure input and output handling, to prevent vulnerabilities related to code injections 4.2 Use secure input and output handling |
Foundation Skills
This section describes language, literacy, numeracy and employment skills incorporated in the performance criteria that are required for competent performance.
Skill |
Performance Criteria |
Description |
Reading |
1.1, 3.1 |
|
Writing |
1.2, 3.2, 4.2 |
|
Get the work done |
1.2, 1.3, 2.1, 2.2, 3.2, 3.1, 4.1, 4.2 |
|
Unit Mapping Information
Code and title current version |
Code and title previous version |
Comments |
Equivalence status |
ICTPRG507 Implement security for applications |
ICAPRG507A Implement security for applications |
Updated to meet Standards for Training Packages |
Equivalent unit |
Links
Companion Volume implementation guides are found in VETNet - https://vetnet.gov.au/Pages/TrainingDocs.aspx?q=a53af4e4-b400-484e-b778-71c9e9d6aff2