[Year 12 SofDev] Security considerations influencing the design of solutions

Sat Feb 26 01:26:53 UTC 2022

Hi Sven,

Great question. Andrew has summed up the common expectations of students well. I would suggest that security needs to be a consideration at every stage of the PSM/SDLC.

For instance, if we identify a requirement in the Analysis stage that a given application requires secure authentication that integrates with our client’s authentication schema. Then at the Design stage I would suggest that we should be design the software solution such that the implementation is prescriptive. We might determine that our client uses multi-factor authentication backed by active directory and design a solution that authenticates via an OATH token or other method that active directory supports. If we left this decision for the implementation stage we might go and design a login screen where it may not be necessary because we are able to do single sign-on or we may not have identified the relevant dependencies for interaction with AD.

For many students their client will stipulate that authentication is not required/desired and I think this is okay in some instances as long it is consider and documented at the analysis stage. In this instance I still usually get students to think about the device(s) their client will use and how authentication on the device provides protection for their application data.

For data protection I ask students to think about permissions for their files and databases as well as their backup strategy. If they document something related to their intended file formats or backup strategy during U3O2 it makes U4O1 so much easier for them. At the simplest level knowing what files they need enables them to write relevant pseudocode.

Kind Regards,

Bernie

From: sofdev <sofdev-bounces at edulists.com.au> On Behalf Of Andrew Shortell
Sent: Saturday, 26 February 2022 12:13 PM
To: Year 12 Software Development Teachers' Mailing List <sofdev at edulists.com.au>
Subject: Re: [Year 12 SofDev] Security considerations influencing the design of solutions

CAUTION: This email originated from outside of KEW HIGH SCHOOL. Do not click links or open attachments unless you recognize the sender and know the content is safe.
Hi Sven

login - authentication
back ups security
safe saving

From a design point of view: Login
The student needs to show understanding in the report BUT in the design they only need the screen(s)
the psuedo code can just go straight through - need to demonstrate understanding of NEED for security

Also security of data - when doing delete student needs to ensure that the actual delete is not just a single click and it is gone
usually I have students hit delete then another button appears labelled something like “this will be gone for ever. Push me to destroy the data” and another button labelled “No NO I was wrong Save me from this”
Many students like the humour of the interface

Message boxes are so irritating that they often prevent bad moves but personally I have never liked them

Andrew

CRT a little bit

On 26 Feb 2022, at 11:59 am, 7 <7 at 7u7.org<mailto:7 at 7u7.org>> wrote:

Hi

Sofdev key knowledge for Unit 3 outcome 1 #14 says:

Security considerations influencing the design of Solutions, including authentication...

For authentication, I thought of hashes or checksums to verify the integrity of downloads, but this is not a design issue, is it? It would be implementation or something.

So what exactly is the study design aiming for kids to study here?

Hope someone can help

Sven
_______________________________________________
http://www.edulists.com.au - FAQ, Subscribe, Unsubscribe
IT Software Development Mailing List

________________________________
IMPORTANT - This email and any attachments may be confidential. If received in error, please contact us and delete all copies. Before opening or using attachments check them for viruses and defects. Regardless of any loss, damage or consequence, whether caused by the negligence of the sender or not, resulting directly or indirectly from the use of any attached files our liability is limited to resupplying any affected attachments. Any representations or opinions expressed are those of the individual sender, and not necessarily those of the Department of Education and Training.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://edulists.com.au/pipermail/sofdev/attachments/20220226/41563b53/attachment-0001.htm>