Describe the benefits of developing secure software
SS-DS-01.01
data protection
SS-DS-01.02
minimising cyber attacks and vulnerabilities
SS-DS-02
Interpret and apply fundamental software development steps to develop secure code
SS-DS-02.01
requirements definition
SS-DS-02.02
determining specifications
SS-DS-02.03
design
SS-DS-02.04
development
SS-DS-02.05
integration
SS-DS-02.06
testing and debugging
SS-DS-02.07
installation
SS-DS-02.08
maintenance
SS-DS-03
Describe how the capabilities and experience of end users influence the secure design features of software
Developing Secure Code
Key
Description
Reference
Comment
SS-SC-01
Explore fundamental software design security concepts when developing programming code
SS-SC-01.01
confidentiality
SS-SC-01.02
integrity
SS-SC-01.03
availability
SS-SC-01.04
authentication
SS-SC-01.05
authorisation
SS-SC-01.06
accountability
SS-SC-02
Apply security features incorporated into software including data protection, security, privacy and regulatory compliance
SS-SC-03
Use and explain the contribution of cryptography and sandboxing to the ‘security by design’ approach in the development of software solutions
SS-SC-04
Use and explain the ‘privacy by design’ approach in the development of software solutions
SS-SC-04.01
proactive not reactive approach
SS-SC-04.02
embed privacy into design
SS-SC-04.03
respect for user privacy
SS-SC-05
Test and evaluate the security and resilience of software by determining vulnerabilities, hardening systems, handling breaches, maintaining business continuity and conducting disaster recovery
SS-SC-06
Apply and evaluate strategies used by software developers to manage the security of programming code
SS-SC-06.01
code review
SS-SC-06.02
static application security testing (SAST)
SS-SC-06.03
dynamic application security testing (DAST)
SS-SC-06.04
vulnerability assessment
SS-SC-06.05
penetration testing
SS-SC-07
Design, develop and implement code using defensive data input handling practices, including input validation, sanitisation and error handling
SS-SC-08
Design, develop and implement a safe application programming interface (API) to minimise software vulnerabilities
SS-SC-09
Design, develop and implement code considering efficient execution for the user
SS-SC-09.01
memory management
How to do memory management with python?
SS-SC-09.02
session management
SS-SC-09.03
exception management
Exception Handling
SS-SC-10
Design, develop and implement secure code to minimise vulnerabilities in user action controls
SS-SC-10.01
broken authentication and session management
SS-SC-10.01
cross-site scripting (XSS) and cross-site request forgery (CSRF)
SS-SC-10.01
invalid forwarding and redirecting
SS-SC-10.01
race conditions
SS-SC-02
Design, develop and implement secure code to protect user file and hardware vulnerabilities from file attacks and side channel attacks
Impact of Safe and Secure Software Development
Key
Description
Reference
Comment
SS-IS-01
Apply and describe the benefits of collaboration to develop safe and secure software
SS-IS-01.01
considering various points of view
SS-IS-01.02
delegating tasks based on expertise
SS-IS-01.03
quality of the solution
SS-IS-02
Investigate and explain the benefits to an enterprise of the implementation of safe and secure development practices
SS-IS-02.01
improved products or services
SS-IS-02.02
influence on future software development
SS-IS-02.03
improved work practices
SS-IS-02.04
productivity
SS-IS-02.05
business interactivity
SS-IS-03
Evaluate the social, ethical and legal issues and ramifications that affect people and enterprises resulting from the development and implementation of safe and secure software