This exam was the one I dreaded most.
Security - the one aspect we (app team) take for granted. The one which is taken care of by someone we don't know. Every organization has a "Security Team" or a "Security guy/gal". The learning for this exam changed my perspective on so many levels regarding security. Now I respect them even more.
I was warned by many (bloggers) about this exam. Even my mentor friend Rajeev Venkitaraman did. "Be careful," he said, "Study hard". After the easy Development Lifecycle exam, this was indeed a mountain to climb.
As usual, after scoping out what I needed to learn and then scheduling the topics, I started the trailmix. Reading, reading and then a lot of reading. :)
My initial attempt was to make myself comfortable and confident about the topic. By reading, and watching other related YouTube videos and blogs, I was able to grasp the fundamentals. Meanwhile the trailmix had a lot of good resources.
The topics I concentrated on:
- SSO (You should be able to differentiate IdP (Identity Provider) initiated vs SP (Service Provider) initiated authentication)
- OAuth Flows (Identify what flow is best for the given scenario)
- Federated vs Delegated Authentication
- 2FA (Two Factor Authentication)
- Identity Connect
- Licenses
You need to practice all the flows (at least the SSO ones) and also the Security settings. Only if you practice will you be able to "get it". If you have a friend who works in this domain, call that dude up and remind him that you are still a good friend :)
Anyways, this was a lot for me, but doable. The last week of my study was a refresher, spending my time on the Ladies Be Architects study videos. They are a blessing indeed.
All the best. Send me a note if you want any help preparing. I will be glad to help you out.