Software Engineering syllabus
Module 1: Secure Software Architecture
7 dot points across 2 inquiry questions. Click any dot point for a focused answer with worked past exam questions where available.
Inquiry Question 1: How are secure systems designed?
- Explain the role of authentication and authorisation in restricting access to a system, and identify common implementation methods including multi-factor authentication and role-based access control
  A focused answer to the HSC Software Engineering Module 1 dot point on authentication and authorisation. The difference between the two, multi-factor authentication, role-based access control, the worked SaaS-app example, and the traps markers look for.
  6 min answer
- Describe how the confidentiality, integrity and availability (CIA) triad is applied to the design of secure software
  A focused answer to the HSC Software Engineering Module 1 dot point on the CIA triad. Confidentiality, integrity, availability, how each is enforced in a real system, the worked banking-app example, and the traps markers look for.
  5 min answer
- Compare symmetric and asymmetric encryption, and describe their roles in securing data in transit and at rest
  A focused answer to the HSC Software Engineering Module 1 dot point on encryption. Symmetric (AES) versus asymmetric (RSA), where each is used, how HTTPS combines them, the worked example, and the traps markers look for.
  6 min answer
- Describe how hashing and salting protect stored passwords, and identify weaknesses in storing passwords in plain text or with reversible encryption
  A focused answer to the HSC Software Engineering Module 1 dot point on password hashing. Why passwords are hashed and not encrypted, salting, slow hash functions like bcrypt, the worked example, and the traps markers look for.
  5 min answer
Inquiry Question 2: How can the security of a developed solution be evaluated?
- Apply input validation, sanitisation and output encoding to defend against injection attacks
  A focused answer to the HSC Software Engineering Module 1 dot point on input validation. Allow-list vs deny-list, sanitisation, output encoding, parameterised queries, the worked SQL injection example, and the traps markers look for.
  6 min answer
- Identify the OWASP Top 10 web application security risks and describe mitigations for each
  A focused answer to the HSC Software Engineering Module 1 dot point on the OWASP Top 10. Each risk, an example and a mitigation, the worked broken-access-control example, and the traps markers look for.
  7 min answer
- Describe the secure development lifecycle, including threat modelling, secure coding practices, security testing and ongoing monitoring
  A focused answer to the HSC Software Engineering Module 1 dot point on the SDLC. Threat modelling, secure coding standards, code review, SAST and DAST tools, penetration testing, ongoing monitoring, and the traps markers look for.
  6 min answer