
CYB 240 Project Two Stepping Stone Guidelines and Rubric: Preliminary Report
Overview
As a cybersecurity professional, you don’t need to be a programmer to contribute a security mindset to a development team. Having a proactive security
mindset can help your team minimize security issues at the onset of application development; this will save you time and resources in later stages of
development. In this activity, you will analyze the OWASP Top Ten risks and the OWASP Top Ten Proactive Controls to provide a better perspective on how a
security professional can interact with an application development team and be a valuable contributing member.
This activity will help prepare you for Project Two, which will be submitted in Module Seven.
Scenario
In a previous development, during the final security testing, a number of risks were identified prior to the app being released, including the following risks from
the OWASP Top Ten risks:
- A-1: Injection
- A-2: Broken authentication
- A-3: Sensitive data exposure
- A-5: Broken access control
- A-7: Cross-site scripting (XSS)
Prompt
As you prepare for your consulting role in a future development, your supervisor has asked you to prepare a preliminary report on what preventative measures
could have been put into place to mitigate the security risks experienced earlier in the development life cycle. Using the OWASP Top Ten risks and the OWASP
Top Ten Proactive Controls, select two of the risks uncovered during the security testing and discuss what controls would have been beneficial to address in the
early stages of development to prevent the last-minute revisions necessary in the previous development.
You must address the critical elements listed below.
I. Risk One
A. Based on the list provided in the scenario, summarize an OWASP Top Ten risk identified during the security testing.
B. Using the OWASP Top Ten Proactive Controls, describe the strategy you would employ to minimize the risk in future developments. Note:
Your strategy may include more than one of the OWASP Top Ten Proactive Controls.
II. Risk Two
A. Based on the list provided in the scenario, summarize an OWASP Top Ten risk identified during the security testing.
B. Using the OWASP Top Ten Proactive Controls, describe the strategy you would employ to minimize the risk in future developments. Note:
Your strategy may include more than one of the OWASP Top Ten Proactive Controls.
Project Two Stepping Stone Rubric
Guidelines for Submission: Your submission should be 1 to 3 pages in length. Use double spacing, 12-point Times New Roman font, and one-inch margins.
References should be cited according to APA style. Use a file name that includes the course code, the assignment title, and your name—for example,
CYB_123_Assignment_Firstname_Lastname.docx.
Rubric (critical elements, graded as Exemplary (100%), Proficient (85%), Needs Improvement (55%) or Not Evident (0%), with the value of each element):

Risk One: Summarize Risk (value: 23)
- Exemplary (100%): Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner
- Proficient (85%): Summarizes one of the listed OWASP Top Ten risks identified during the security testing
- Needs Improvement (55%): Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail
- Not Evident (0%): Does not address critical element, or response is irrelevant

Risk One: Minimize the Risk (value: 23)
- Exemplary (100%): Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner
- Proficient (85%): Describes the strategy to be employed to minimize the risk in future developments
- Needs Improvement (55%): Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail
- Not Evident (0%): Does not address critical element, or response is irrelevant

Risk Two: Summarize Risk (value: 23)
- Exemplary (100%): Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner
- Proficient (85%): Summarizes one of the listed OWASP Top Ten risks identified during the security testing
- Needs Improvement (55%): Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail
- Not Evident (0%): Does not address critical element, or response is irrelevant

Risk Two: Minimize the Risk (value: 23)
- Exemplary (100%): Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner
- Proficient (85%): Describes the strategy to be employed to minimize the risk in future developments
- Needs Improvement (55%): Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail
- Not Evident (0%): Does not address critical element, or response is irrelevant

Articulation of Response (value: 8)
- Exemplary (100%): Submission is free of errors related to citations, grammar, spelling, and organization and is presented in a professional and easy-to-read format
- Proficient (85%): Submission has no major errors related to citations, grammar, spelling, or organization
- Needs Improvement (55%): Submission has some errors related to citations, grammar, spelling, or organization that negatively impact readability and articulation of main ideas
- Not Evident (0%): Submission has critical errors related to citations, grammar, spelling, or organization that prevent understanding of ideas

Total: 100%
Answered Same Day Nov 11, 2022

Solution

Ayan answered on Nov 12 2022
60 Votes
WRITTEN ASSIGNMENT
Table of contents
Controls
Ten risks
Strategies
References
Controls
To prevent injections, the developer ought to get the inquiries. SQL Injection is the term utilized when endowed client input is insecurely added powerfully to a SQL query, ordinarily by basic string link. SQL Injection is one of the most dangerous application security defects. The whole database could be taken or changed on the grounds that SQL Injection is a clear objective for assault. To reduce the opportunity of SQL injection, unapproved input ought not to be utilized as a component of a SQL command (Poston, 2020). The most straightforward method for doing this is to utilize the query parameterization programming technique.
Ten risks
· A01 - Broken Access Control climbs from the fifth spot in the wake of being viewed as broken in 94% of utilizations. Broken Access Control was the class where the 34 Common Weakness Enumerations (CWEs) seemed the most often in applications.
· A02 - Sensitive Data Exposure, previously known as Cryptographic Failures, climbs one situation to #2 yet stays a side effect instead of the foundation of the issue. Here, cryptographic blemishes which consistently uncover private data or sabotage frameworks are the focal point of new consideration.
· A03 - As it brings down, injection shifts to the third spot. The 33 CWEs that were planned for this class had the second-biggest number of application events, and 94% of the applications were analyzed for injection. Cross-site scripting is classified under this heading in this form.
· A04 - New classification "Insecure Design" talks about the risk presented by design imperfections. On the off chance that our industry is to really "go left," it requires utilizing threat modeling, safe design examples and standards, and reference structures all the more much of the time.
· A05 - Security 90% of applications were...
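As an added illustration of the query parameterization recommended in the answer above (example code written for this page, not part of the assignment or of the answer), the string-concatenated query is shown beside its parameterized form, run against a constructed in-memory SQLite table; the table contents and the crafted input are made up for the demonstration.

```python
import sqlite3


def build_db():
    # Constructed sample data: two users in an in-memory SQLite table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],
    )
    conn.commit()
    return conn


def lookup_email_concat(conn, username):
    # Vulnerable pattern: untrusted input is glued into the SQL text by
    # string concatenation, so quote characters in the input change the
    # meaning of the statement.
    sql = "SELECT email FROM users WHERE username = '" + username + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_email_param(conn, username):
    # Query parameterization: the driver binds the value as data and never
    # parses it as SQL, so the same input only ever matches a literal username.
    sql = "SELECT email FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]


def demo():
    conn = build_db()
    benign = "alice"
    crafted = "x' OR 'a'='a"  # constructed input; turns the concatenated WHERE into a tautology
    return {
        "concat_benign": lookup_email_concat(conn, benign),
        "concat_crafted": lookup_email_concat(conn, crafted),  # leaks every row
        "param_benign": lookup_email_param(conn, benign),
        "param_crafted": lookup_email_param(conn, crafted),  # matches nothing
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(name, rows)
```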