Unit of competency
Modification History
Release |
Comments |
Release 1 |
This version first released with ICT Information and Communications Technology Training Package Version 6.0. |
Application
This unit describes the skills and knowledge required to implement security for software applications, including code access security, security access control, cryptographic and secure, input and output handling.
It applies to individuals who work as software developers, software engineers, system and security administrators and testers, and responsible for coding secure software applications.
No licensing, legislative or certification requirements apply to this unit at the time of publication.
Unit Sector
Programming and software development
Elements and Performance Criteria
ELEMENT |
PERFORMANCE CRITERIA |
Elements describe the essential outcomes. |
Performance criteria describe the performance needed to demonstrate achievement of the element. |
1. Implement policy-based code-access security |
1.1 Identify purpose of application security in software development 1.2 Configure required platform security configuration files using security configuration tools 1.3 Define required restriction custom code access permission and restrict access to protected resources 1.4 Define required access restriction custom code access and run protected operations |
2. Implement security access control |
2.1 Plan and document authentication and authorisation strategy according to organisational policies and procedures 2.2 Develop and document required application authentication and authorisation strategy |
3. Write encrypt and decrypt code data |
3.1 Determine and document required standard cryptographic algorithms 3.2 Encrypt, and decrypt, data using standard cryptographic algorithms |
4. Protect application against injections |
4.1 Plan and document secure input and output handling and prevent vulnerabilities related to code injections 4.2 Use secure input and output handling according to task requirements |
Foundation Skills
This section describes language, literacy, numeracy and employment skills incorporated in the performance criteria that are required for competent performance.
S KILL |
DESCRIPTION |
Oral communication |
|
Reading |
|
Writing |
|
Planning and organising |
|
Problem solving |
|
Technology |
|
Unit Mapping Information
Supersedes and is equivalent to ICTPRG507 Implement security for applications.
Links
Companion Volume Implementation Guide is found on VETNet - https://vetnet.gov.au/Pages/TrainingDocs.aspx?q=a53af4e4-b400-484e-b778-71c9e9d6aff2