Q 4 Whizlabs authors (5): questions on the Big 4 in Webapp Security

 
blacksmith
Posts: 979
Ciao Siva,

Are the four fundamental security concepts
(i.e. authentication, authorization, data
integrity, confidentiality) the topics that
might have the highest weight in the exam?

Is there a particular way/format of asking
questions on these concepts?

Grazie mille,

Gian Franco
 
Ranch Hand
Posts: 360
Buongiorno Gian.

A posting from Bert Bates (co-author of the
SCWCD 1.4 exam) details the security concepts tested in the exam.


- As stated in the objectives, four fundamental security concepts (the Big 4), are important for the exam:

- authentication
- authorization
- data integrity
- confidentiality

Note: As these terms are in widespread use, refer to chapter 12 of the Servlet 2.4 specification for the definitions that will be used in the exam.

- You should understand the Big 4 from a conceptual level and be able to recognize which concept is appropriate for a given situation.

- You should understand how the Big 4 relate to programmatic versus declarative security in the context of Servlets and JSPs. For instance, you should understand how the Big 4 CAN and CANNOT be represented in the deployment descriptor. You should also understand how the HttpServletRequest interface applies to security.

- Of the three security oriented objectives, the objective that focuses on the deployment descriptor is by far the most detail oriented.

- You should understand in detail the structure and use of the following elements of the deployment descriptor:

- <security-constraint>
- <login-config>
- <security-role>

In addition, you should understand these elements' sub-elements.

- You should understand the concept of "security constraints" as it applies to Servlets. Understand the following elements:

- <web-resource-collection>
- <auth-constraint>
- <user-data-constraint>

*** Pay special attention to the following elements, and the combining rules related to these elements:

- <url-pattern>
- <http-method>

- You should understand how the "transport guarantee" concept is applied to servlets.

- You should understand how to use programmatic and declarative security-related code fragments together.

Objective 5.3 is focused on authentication, which is not that complex a subject from the Servlets perspective. Because this objective is not so heavy-duty, the related questions tend to be a bit more detail oriented (some might even say "trivia oriented".)

- If you understand the following sections from the Servlet 2.4 spec, you'll be in good shape for this objective:

- 12.5, 12.5.1, 12.5.2, 12.5.3, 12.5.3.1, 12.5.4, 12.6, 12.7



Buon lavoro
Siva
 
Gian Franco
blacksmith
Posts: 979
Buon lavoro, e grazie di nuovo

Gian Franco
 
Ranch Hand
Posts: 160
Is that Italian? Please translate.
 
Gian Franco
blacksmith
Posts: 979
Hi,

Originally posted by Frankie Cha:
Is that Italian? Please translate.



Yes it is.


"Buon lavoro, e grazie di nuovo"

means

So, after being reviewed, the Big 4 objectives have been provided
an indication of the importance with respect to other objectives?
And based on these results, the sections are weighted to determine
how many items need to be written in each section; furthermore, each
objective within a section is also weighted to determine how many items
per objective need to be written. Am I right?


juuust kidding, it means "Have a nice working day, and thanks
again"

Cheers,

Gian Franco
[ June 10, 2004: Message edited by: Gian Franco Casula ]
 