Module 1: Secure Software Architecture
7 dot points across 2 inquiry questions. Click any dot point for a focused answer with worked past exam questions where available.
Inquiry Question 1: How are secure systems designed?
A focused answer to the HSC Software Engineering Module 1 dot point on authentication and authorisation. The difference between the two, multi-factor authentication, role-based access control, the worked SaaS-app example, and the traps markers look for.
A focused answer to the HSC Software Engineering Module 1 dot point on the CIA triad. Confidentiality, integrity, availability, how each is enforced in a real system, the worked banking-app example, and the traps markers look for.
A focused answer to the HSC Software Engineering Module 1 dot point on encryption. Symmetric (AES) versus asymmetric (RSA), where each is used, how HTTPS combines them, the worked example, and the traps markers look for.
A focused answer to the HSC Software Engineering Module 1 dot point on password hashing. Why passwords are hashed and not encrypted, salting, slow hash functions like bcrypt, the worked example, and the traps markers look for.
Inquiry Question 2: How can the security of a developed solution be evaluated?
A focused answer to the HSC Software Engineering Module 1 dot point on input validation. Allow-list vs deny-list, sanitisation, output encoding, parameterised queries, the worked SQL injection example, and the traps markers look for.
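A runnable illustration of the allow-list versus deny-list and parameterised-query points listed above, added here as an example and not taken from the linked dot-point page. It uses Python's built-in sqlite3 with a small constructed `users` table; the table, the usernames and the injection payloads are made up for this example.

```python
import re
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory table for the example (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    conn.commit()
    return conn


def find_user_vulnerable(conn, username: str) -> list:
    """Deliberately vulnerable: untrusted input is concatenated into the SQL text."""
    sql = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def find_user_safe(conn, username: str) -> list:
    """Parameterised query: the value is bound separately, so it is data, never SQL."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


def strip_quotes(value: str) -> str:
    """Deny-list 'sanitisation': removes the one character the author thought of."""
    return value.replace("'", "")


def find_by_id_denylist(conn, user_id: str) -> list:
    """Still vulnerable: a numeric context needs no quote, so the deny-list is bypassed."""
    sql = "SELECT username, role FROM users WHERE id = " + strip_quotes(user_id)
    return conn.execute(sql).fetchall()


def find_by_id_safe(conn, user_id: str) -> list:
    """Allow-list validation (must be an integer) plus a bound parameter."""
    if not re.fullmatch(r"[0-9]{1,9}", user_id):
        raise ValueError("user id must be a small positive integer")
    return conn.execute(
        "SELECT username, role FROM users WHERE id = ?", (int(user_id),)
    ).fetchall()


USERNAME_RE = re.compile(r"[a-z0-9_]{3,32}")


def is_valid_username(username: str) -> bool:
    """Allow-list validation: accept only the characters a username may contain."""
    return USERNAME_RE.fullmatch(username) is not None


def demo() -> dict:
    conn = make_db()
    quote_payload = "x' OR '1'='1"     # classic string-context injection
    numeric_payload = "1 OR 1=1"       # no quote, so strip_quotes() does nothing
    return {
        "vulnerable_rows": len(find_user_vulnerable(conn, quote_payload)),
        "safe_rows": len(find_user_safe(conn, quote_payload)),
        "denylist_rows": len(find_by_id_denylist(conn, numeric_payload)),
        "payload_valid": is_valid_username(quote_payload),
        "bob_rows": len(find_user_safe(conn, "bob")),
        "id_2_rows": len(find_by_id_safe(conn, "2")),
    }
```

Running `demo()` shows the marker's point directly: the concatenated query returns every row for the quote payload, the parameterised one returns none, and the deny-list filter is defeated by a payload that never uses the character it strips, while the allow-list check rejects it before any SQL is built.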
A focused answer to the HSC Software Engineering Module 1 dot point on the OWASP Top 10. Each risk with an example and a mitigation, the worked broken-access-control example, and the traps markers look for.
A focused answer to the HSC Software Engineering Module 1 dot point on the SDLC. Threat modelling, secure coding standards, code review, SAST and DAST tools, penetration testing, ongoing monitoring, and the traps markers look for.
