You work as a developer for Global Rain, a software engineering company that specializes in custom software design and development for entrepreneurs, businesses, and government agencies around the world. Part of the company's mission is that "Security is everyone's responsibility." You have been promoted to Global Rain's newly formed agile scrum team.
At Global Rain, you are assigned to work with a client, Artemis Financial, a financial consulting company that develops individualized financial plans for savings, retirement, investments, and insurance for its customers.
Artemis Financial wants to modernize its operations and, as a crucial part of the success of its custom software, to apply current and effective software security practices. Artemis Financial exposes a RESTful web application programming interface (API) and is seeking Global Rain's expertise in protecting the organization from external threats.
As part of the team, you are tasked with examining Artemis Financial's web-based software application by conducting a vulnerability assessment: review and analyze the application for security vulnerabilities, applying what you have learned so far and using the supporting materials provided. Your findings will go into a vulnerability assessment report that documents each vulnerability you identify and how to mitigate it. Document the following in the Vulnerability Assessment Report Template.
3. Manual Review: Refer to the Vulnerability Assessment Process Flow Diagram, and use what you learned in Steps 1 and 2 to guide your manual review. Identify all vulnerabilities in the code base by inspecting the code by hand; this is the step that finds flaws in Artemis Financial's own code, which dependency scanning (Step 4) does not examine. Document your findings in your Vulnerability Assessment Report, including a description of where each vulnerability is found (the specific class file, if applicable).
4. Static Testing: Integrate the Dependency-Check plug-in into Maven by following the instructions in the tutorial provided. Run a dependency check on Artemis Financial's software application. Note what this tool does and does not find: it matches the project's third-party dependencies (the jars Maven pulls in) against publicly known vulnerabilities such as CVE entries; it does not analyze the application's own source code. Specifically, record the following from the dependency check report in your Vulnerability Assessment Report:
- The names or identifiers of the known vulnerabilities (for example, CVE IDs)
- A brief description and recommended solutions provided by the dependency check report
- Attribution (if any): the references the report gives showing where the vulnerability was previously identified or documented (for example, a vulnerability database entry or a vendor advisory)
5. Mitigation Plan: Interpret the results of the manual review and the static testing report together. Identify steps to remedy the identified security vulnerabilities by creating an action list in your Vulnerability Assessment Report that documents how to fix each vulnerability, prioritized by severity, and for each vulnerable dependency names the version to upgrade to.
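Once the plug-in has run (the tutorial covers the pom.xml integration; with the plug-in declared, `mvn verify` or `mvn dependency-check:check` writes target/dependency-check-report.html, and setting the plug-in's `format` parameter to `JSON` or `ALL` also writes a machine-readable `dependency-check-report.json`), Steps 4 and 5 amount to pulling the same fields out of every finding and ordering them for the action list. The following Python script is added here as an illustration of that; it is not part of the assignment materials and is not Artemis Financial's code. It runs against a constructed report in Dependency-Check's JSON layout, and every jar name, package id, CVE number, and description in it is made up (a CVE year of 0000 cannot be real). It assumes the report's `dependencies[].vulnerabilities[]` structure with `cvssv3`, `references`, and `vulnerableSoftware` fields, which is what OWASP Dependency-Check emits.

```python
"""Turn a Dependency-Check JSON report into the rows the Vulnerability Assessment
Report asks for: identifier, description, fix hint, and attribution references."""
import json
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the shape of Dependency-Check's JSON report
# (target/dependency-check-report.json). Jar names, package ids, CVE ids and
# text are made up for this example; they are NOT Artemis Financial findings.
SAMPLE_REPORT = json.dumps({
    "reportSchema": "1.1",
    "dependencies": [
        {
            "fileName": "example-lib-1.0.0.jar",
            "packages": [{"id": "pkg:maven/com.example/example-lib@1.0.0"}],
            "vulnerabilities": [
                {
                    "source": "NVD", "name": "CVE-0000-00001", "severity": "HIGH",
                    "cvssv3": {"baseScore": 7.5, "baseSeverity": "HIGH"},
                    "cwes": ["CWE-502"],
                    "description": "Constructed: unsafe deserialization of untrusted input.",
                    "references": [{"source": "MISC", "name": "vendor advisory",
                                    "url": "https://example.invalid/advisory-1"}],
                    "vulnerableSoftware": [{"software": {
                        "id": "cpe:2.3:a:example:example-lib:*:*:*:*:*:*:*:*",
                        "versionEndExcluding": "1.0.1", "vulnerabilityIdMatched": "true"}}],
                },
                {
                    "source": "NVD", "name": "CVE-0000-00002", "severity": "CRITICAL",
                    "cvssv3": {"baseScore": 9.8, "baseSeverity": "CRITICAL"},
                    "cwes": ["CWE-94"],
                    "description": "Constructed: remote code execution via a crafted request.",
                    "references": [{"source": "MISC", "name": "vendor advisory",
                                    "url": "https://example.invalid/advisory-2"}],
                    "vulnerableSoftware": [{"software": {
                        "id": "cpe:2.3:a:example:example-lib:*:*:*:*:*:*:*:*",
                        "versionEndExcluding": "1.2.0", "vulnerabilityIdMatched": "true"}}],
                },
            ],
        },
        # A dependency with no known vulnerabilities carries no "vulnerabilities" key.
        {"fileName": "clean-lib-2.3.0.jar",
         "packages": [{"id": "pkg:maven/com.example/clean-lib@2.3.0"}]},
    ],
})


@dataclass
class Finding:
    dependency: str        # jar file name as scanned
    package: str           # package URL(s) Dependency-Check matched
    vuln_id: str           # CVE or other advisory identifier
    severity: str
    score: Optional[float]
    description: str
    fixed_in: List[str]    # first versions no longer in the vulnerable range
    references: List[str]  # attribution: where the issue was documented


def extract_findings(report_json: str) -> List[Finding]:
    """Flatten the report to one Finding per (dependency, vulnerability),
    highest CVSS score first so the mitigation plan can be prioritized."""
    report = json.loads(report_json)
    findings: List[Finding] = []
    for dep in report.get("dependencies", []):
        vulns = dep.get("vulnerabilities") or []
        if not vulns:
            continue  # nothing to record for this dependency
        package = ", ".join(p.get("id", "") for p in dep.get("packages", []))
        for vuln in vulns:
            cvss3 = vuln.get("cvssv3") or {}
            score = cvss3.get("baseScore")
            if score is None:  # older entries may only carry CVSS v2
                score = (vuln.get("cvssv2") or {}).get("score")
            severity = (cvss3.get("baseSeverity") or vuln.get("severity") or "UNKNOWN").upper()
            # versionEndExcluding on a matched CPE range is the first version not
            # affected, i.e. the upgrade target to put in the action list.
            fixed_in = sorted({
                sw["software"]["versionEndExcluding"]
                for sw in vuln.get("vulnerableSoftware", [])
                if "versionEndExcluding" in sw.get("software", {})
            })
            references = [r["url"] for r in vuln.get("references", []) if r.get("url")]
            findings.append(Finding(
                dependency=dep.get("fileName", "?"),
                package=package or dep.get("fileName", "?"),
                vuln_id=vuln.get("name", "?"),
                severity=severity,
                score=float(score) if score is not None else None,
                description=vuln.get("description", "").strip(),
                fixed_in=fixed_in,
                references=references,
            ))
    findings.sort(key=lambda f: (-(f.score or 0.0), f.vuln_id))
    return findings


def render_markdown(findings: List[Finding]) -> str:
    """Render the findings as a table to paste into the Vulnerability Assessment Report."""
    rows = ["| ID | Severity | Dependency | Description | Fix (upgrade to) | Attribution |",
            "|---|---|---|---|---|---|"]
    for f in findings:
        sev = f"{f.severity} ({f.score})" if f.score is not None else f.severity
        fix = ", ".join(f.fixed_in) or "no fixed version listed; check vendor advisory"
        desc = f.description.replace("|", "\\|")
        rows.append(f"| {f.vuln_id} | {sev} | {f.package} | {desc} | {fix} | {' '.join(f.references)} |")
    return "\n".join(rows)


if __name__ == "__main__":
    print(render_markdown(extract_findings(SAMPLE_REPORT)))
```

Point `extract_findings` at the real `dependency-check-report.json` to get the same table for the actual scan; the sort order is the priority order for the Step 5 action list, and a finding whose `fixed_in` is empty is the case where the report alone does not give a remedy and the vendor advisory in the attribution column has to be read. In CI, the plug-in's `failBuildOnCVSS` parameter turns the same score threshold into a build failure.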