Software Security Project (half done!)

Anonymous
timer Asked: Jan 28th, 2021

Question Description

You work as a developer for a software company, Global Rain, an engineering company that specializes in custom software design and development for entrepreneurs, businesses, and government agencies around the world. At your company, part of your mission is that “Security is everyone’s responsibility.” You have been promoted to the newly formed agile scrum team for Global Rain.

At Global Rain, you are tasked with working with a client, Artemis Financial. Your client is a financial consulting company that develops individualized financial plans for savings, retirement, investments, and insurance for their patrons.

Artemis Financial desires to modernize its operations and, as a crucial part of the success of its custom software, they want to implement and apply the most current and effective software security. Artemis Financial has a RESTful web application programming interface (API) and is seeking Global Rain’s expertise in taking steps to protect the organization from external threats.

As part of the team, you are tasked with examining Artemis Financial’s web-based software application to identify any security vulnerabilities in their current software. Your assessment will be used to complete a vulnerability assessment report for mitigating the security vulnerabilities that you identify.

Directions

You are tasked with examining Artemis Financial’s web-based software application by conducting a vulnerability assessment. Implementing what you have learned so far and using the supporting materials provided to assist you, review and analyze the security vulnerabilities specific to Artemis Financial’s web-based software application and document the following in the Vulnerability Assessment Report Template.

3. The Vulnerability Assessment Process Flow Diagram. Use what you’ve learned in Steps 1 and 2 to guide your manual review. Identify all vulnerabilities in the code base by manually inspecting the code. Document your findings in your Vulnerability Assessment Report. Be sure to include a description identifying where the vulnerabilities are found (specific class file, if applicable).

4. Static Testing: Integrate the dependency check plug-in into Maven by following the instructions outlined in the tutorial provided. Run a dependency check on Artemis Financial’s software application to identify all security vulnerabilities in the code. Specifically, record the following from the dependency check report in your Vulnerability Assessment Report:

    1. The names or vulnerability codes of the known vulnerabilities
    2. A brief description and recommended solutions provided by the dependency check report
    3. Attribution (if any) that documents how this vulnerability has been identified or documented previously
  1. Mitigation Plan: Interpret the results from the manual review and static testing report. Identify steps to remedy the identified security vulnerabilities by creating an action list that documents how to fix each vulnerability in your Vulnerability Assessment Report

Unformatted Attachment Preview

CS 305 Project One Artemis Financial Vulnerability Assessment Report 1 Table of Contents Document Revision History....................................................................................................................... 3 Client ......................................................................................................................................................... 3 Instructions ............................................................................................................................................... 3 Developer .................................................................................................................................................. 4 1. Interpreting Client Needs ...................................................................................................................... 4 2. Areas of Security ................................................................................................................................... 4 3. Manual Review...................................................................................................................................... 5 4. Static Testing ......................................................................................................................................... 5 5. Mitigation Plan ...................................................................................................................................... 5 2 Document Revision History Version Date 1.0 Author Matthew Marinelli 1/27/2021 Comments Conducting Vulnerability Assessment Client Instructions Deliver this completed vulnerability assessment report, identifying your findings of security vulnerabilities and articulating recommendations for next steps to remedy the issues you have found. Respond to the five steps outlined below and include your findings. Replace the bracketed text on all pages with your own words. If you choose to include images or supporting materials, be sure to insert them throughout. 3 Developer Matthew Marinelli 1. Interpreting Client Needs Determine your client’s needs and potential threats and attacks associated with their application and software security requirements. Consider the following regarding how companies protect against external threats based on the scenario information: • What is the value of secure communications to the company? The business values protected contact because a lack of those safety standards will jeopardize sensitive matters related to its activities. The program shall be interested in the execution of financial transactions and exchanges. Such information is sensitive and would undermine the credibility, security and availability of the system as well as the image of the application would result in financial loss. • Are there any international transactions that the company produces? Artemis Financial is involved in multinational transactions. This transfers include the internet functioning of consumers and their accounts at international level as well. There is also a chance for consumers to fly to foreign countries and they will need to have access to their accounts outside the country. • Are there governmental restrictions about secure communications to consider? There are several government restrictions. For example, the General Data Protection Regulation (GDPR) strategy on contact (Mondschein & Monda, 2019). The proposal will mandate that data handlers and service providers ensure that their client's information is secure from attacks. The organization should also seek to ensure that there are no security vulnerabilities that could breach the protection of sensitive customer information. • What external threats might be present now and in the immediate future? The external threats would be: Man in the middle attacks – In communication where a malicious group may intercept communication between a host and client and then manipulate data by listening in on packets. DOS Attacks – Throwing a ton of traffic at a host to eventually overload and crash said host. The immediate future threats would be many and various in nature. For example, there are various hacker groups out there that are in it for the bad, blackhat hackers and those who go in and try to find issues and report it back, called whitehat hackers. • What are the “modernization” requirements that must be considered, such as the role of open source libraries and evolving web application technologies? The modernization requirements that must be considered are sandboxing and virtualizing everything. This ensures hackers cannot really access the main portion of the system and even if they get into a VM, they can’t really do anything. Also, using VPNs to secure and hide our connections will be of great assistance. 2. Areas of Security The areas of security that would be associated with Artemis Financials application would be Crpography, Client and Server, Secure Coding and API. 4 Secure coding is the practice of ensuring coding is all clean and efficient and lacks any “holes” Artemis Financials exception handling can be applied to the source coding of the application. Error checks are also a good feature to use because it verifies the coding is thorough. Client and Server is the communication between the clients and the servers of the actual company. This is mainly used to retrieve and transact financial transactions in this case. Obviously the connection between these two is of vital importance to both the customer and the company. Cryptography is the encryption of files in transfer to ensure they cannot be read out in the open. Without encryption of files, they are viewable and editable to “prying eyes” out in the open network. Also, if you wanted to add extra protection, you can also add certificate validation to ensure the website’s certificate is still valid and functional. 3. Manual Review Continue working through the Vulnerability Assessment Process Flow Diagram. Identify all vulnerabilities in the code base by manually inspecting the code. [Include your findings here.] 4. Static Testing Run a dependency check on Artemis Financial’s software application to identify all security vulnerabilities in the code. Record the output from dependency check report. Include the following: a. The names or vulnerability codes of the known vulnerabilities b. A brief description and recommended solutions provided by the dependency check report c. Attribution (if any) that documents how this vulnerability has been identified or documented previously [Include your findings here.] 5. Mitigation Plan After interpreting your results from the manual review and static testing, identify the steps to remedy the identified security vulnerabilities for Artemis Financial’s software application. [Include your findings here.] 5 ...
Student has agreed that all tutoring, explanations, and answers provided by the tutor will be used to help in the learning process and in accordance with Studypool's honor code & terms of service.

This question has not been answered.

Create a free account to get help with this and any other question!

Similar Questions
Related Tags

Brown University





1271 Tutors

California Institute of Technology




2131 Tutors

Carnegie Mellon University




982 Tutors

Columbia University





1256 Tutors

Dartmouth University





2113 Tutors

Emory University





2279 Tutors

Harvard University





599 Tutors

Massachusetts Institute of Technology



2319 Tutors

New York University





1645 Tutors

Notre Dam University





1911 Tutors

Oklahoma University





2122 Tutors

Pennsylvania State University





932 Tutors

Princeton University





1211 Tutors

Stanford University





983 Tutors

University of California





1282 Tutors

Oxford University





123 Tutors

Yale University





2325 Tutors