Secure Software Design

6. Secure Software Design

Syllabus Points Covered
Secure software architecture

Designing software
  • Interpret and apply fundamental software development steps to develop secure code

    • requirements definition

    • determining specifications

    • design

    • development

    • integration

    • testing and debugging

    • installation

    • maintenance

  • Describe how the capabilities and experience of end users influence the secure design features of software

Developing secure code
  • Apply security features incorporated into software including data protection, security, privacy and regulatory compliance

    • backups

    • secure deletion

    • multi-factor authentication

    • audit logs

    • secure defaults

    • consent controls

    • privacy settings

    • data minimisation

    • retention rules

    • privacy notices and policies

    • consent records

    • data access and deletion workflows

  • Use and explain the contribution of cryptography and sandboxing to the ‘security by design’ approach in the development of software solutions

    • cryptography

    • sandboxing

  • Use and explain the ‘privacy by design’ approach in the development of software solutions

    • proactive not reactive approach

    • embed privacy into design

    • respect for user privacy

  • Test and evaluate the security and resilience of software by determining vulnerabilities, hardening systems, handling breaches, maintaining business continuity and conducting disaster recovery

    • determining vulnerabilities

    • hardening systems

    • handling breaches

    • maintaining business continuity

    • conducting disaster recovery

  • Apply and evaluate strategies used by software developers to manage the security of programming code

    • code review

    • static application security testing (SAST)

    • dynamic application security testing (DAST)

    • vulnerability assessment

    • penetration testing

  • Design, develop and implement a safe application programming interface (API) to minimise software vulnerabilities

    • data exposure

    • safe error responses

  • Design, develop and implement code considering efficient execution for the user

    • memory management

    • exception management

Impact of safe and secure software development
  • Apply and describe the benefits of collaboration to develop safe and secure software

    • considering various points of view

    • delegating tasks based on expertise

    • quality of the solution
