Great Deal! Get Instant $10 FREE in Account on First Order + 10% Cashback on Every Order Order Now

Design a Strategy for Securing the Operation of a Web Application Overview Your team received an assignment to develop and deliver a new company Web application for outsourced suppliers to use...

1 answer below »






  1. Design a Strategy for Securing the Operation of a Web Application


    Overview


    Your team received an assignment to develop and deliver a new company Web application for outsourced suppliers to use as they help support your company’s production resources. The IT director recently returned from an OWASP conference in India and insists that the app will have strong security. As he walked out the door from your initial project briefing the IT director said, “I do not want to wait 200 days after an exploit to hear about it. If something happens, I want to know yesterday.”


    Instructions


    The project specs require a multi-page design. The app will need to provide an interface to your company’s supply database for reading and entering data remotely as well the ability to contact, via the e-mail server, your company supply managers. In an effort to save money, management decided that the team will use some open source software library modules.


    Fully discuss, in 3–5 pages, the process that your team would follow to create and deliver that Web application.



    1. Provide at least six steps in the SDLC during which security strengthening behaviors will be applied.

    2. Explain the specific security relevant actions taken during each step to include the people involved, the considerations taken and security assurance methods used.

    3. Identify and briefly explain at least three different security testing methods and indicate which methods analyze the app’s front end, source code, or vulnerabilities while the app is running. Justify when you would use each method.

    4. Explain at least six different vulnerabilities that could potentially affect your app and actions that your team could take to prevent each.

    5. Use at least four quality USA sources in this assignment.


    6. The specific course learning outcome associated with this assignment is:






    • Propose a strategy for securing the operation of a Web application.





    Grading Rubric Points:




    • Provide six steps in the SDLC during which security-strengthening behaviors will be applied.






    • Explain the specific security relevant actions taken during each step to include the people involved, the considerations taken, and security assurance methods used.






    • Explain three different security testing methods and indicate which methods analyze the app’s front end, source code, or vulnerabilities while the app is running. Justify when you would use each method.






    • Explain six different vulnerabilities that could potentially affect your app and actions that your team could take to prevent each.






    • Provide four peer-reviewed, academic references.






    • Cite sources with complete functioning Web links. Test the links to ensure they work before submitting.






    • Clarity, writing mechanics, and formatting requirements.









Answered 2 days After Feb 16, 2023

Solution

Shubham answered on Feb 19 2023
37 Votes
Question 1
The software development life cycle (SDLC) is a process used by software development teams to plan, design, build, test, and deploy software applications. Here are six steps in the SDLC during which security strengthening behaviors should be implemented:
1. Planning: During the planning phase of the SDLC, the team should consider security as a core requirement for the software application. The team should define the security objectives and requirements of the application, identify potential security threats and
isks, and plan for security measures to be implemented throughout the development process.
2. Design: During the design phase of the SDLC, the team should incorporate security into the application architecture and design (de Vicente Mohino et al. 2019). The team should identify security features and controls to be implemented, such as access control mechanisms, encryption, and authentication methods.
3. Implementation: During the implementation phase of the SDLC, the team should implement the security measures defined in the planning and design phases. This can include code reviews, vulnerability scanning, and penetration testing.
4. Testing: During the testing phase of the SDLC, the team should conduct security testing to ensure that the application is secure and resilient against common attack vectors. This can include functional testing, performance testing, and security testing.
5. Deployment: During the deployment phase of the SDLC, the team should ensure that the application is deployed securely, using secure configuration settings, and access control mechanisms. The team should also monitor the application for potential security incidents or
eaches.
6. Maintenance: During the maintenance phase of the SDLC, the team should continue to monitor and maintain the security of the application. This can include regular security updates and patches, vulnerability scanning, and penetration testing.
By incorporating security strengthening behaviors into these six steps of the SDLC, software development teams can ensure that the software applications they develop are secure and resilient against potential security threats and risks.
Question 2
In the planning phase, it should involve security experts, such as a security analyst or a security architect, in the planning process. This required defining the security requirements for the application, such as access control mechanisms, encryption, and authentication methods. During the design phase, it incorporates security into the application architecture and design. Identify security features and controls to be implemented, such as access control mechanisms, encryption, and authentication methods. In the Implementation phase, it requires following secure coding practices, such as avoiding buffer overflows and input validation vulnerabilities. It includes conducting...
SOLUTION.PDF
SOLUTION.PDF

Answer To This Question Is Available To Download

Related Questions & Answers

More Questions »

Submit New Assignment

Copy and Paste Your Assignment Here
Attach File