Great Deal! Get Instant $10 FREE in Account on First Order + 10% Cashback on Every Order Order Now

Listen ReadSpeaker webReader: Listen OverviewWriting code is difficult. Writing secure code can be even more challenging. As the developer, it is your responsibility to write secure code....

1 answer below »



Listen
ReadSpeaker webReader: Listen



Overview


Writing code is difficult. Writing secure code can be even more
challenging. As the developer, it is your responsibility to write secure
code. You’ll know if your code is secure when you manually search for
and identify possible security vulnerabilities. Developing this skill is
important because it becomes more challenging as the number of lines
and complexity of your code increase.


Fortunately, as you learned in this module, you can follow a
workflow. You can also use tools that are widely accepted in the field
of software security and vulnerability assessments. By following the
Vulnerability Assessment Process Flow Diagram (VAPFD), you can focus
your manual code inspection and narrow your search for possible security
vulnerabilities within your code.


Specifically in this assignment, you will:


  • Determine relevant areas of security for a software application.
  • Identify software security vulnerabilities by manually reviewing source code.
  • Identify potential mitigation techniques that have been used to mitigate against vulnerabilities associated with known exploits.

Scenario


You’re a senior software developer in a team of software developers.
You’re responsible for a complex web application that uses Spring
Framework. The team has been tasked with implementing an expressive
command input function for the application. You are told the team is
currently using Version 2.6.5 of the spring-data-rest-webmvc in Spring
Framework. You also want to use the Spring Expression Language to
accomplish the task.


If you are unfamiliar with Spring, learn about Spring Framework by
watching the video and exploring the guides linked in the Supporting
Materials section.


Directions


As the lead person on this application, you are responsible for
ensuring that the code is secure. You’ll need to assess potential
vulnerabilities in the code and create a mitigation plan for any
existing vulnerabilities that the software development team must
address.


To begin, see the Vulnerability Assessment Process Flow Diagram
(VAPFD), linked in Supporting Materials, to help guide your code review
and mitigation plan.


Specifically, you must address the following rubric criteria:


  1. Areas of Security: Review the scenario and use what you know
    about the architecture of the web application to identify relevant areas
    of security that are applicable for a software application:
    1. Decide which of the seven areas of security are relevant to assess from the first level of the VAPFD.
    2. Document your findings for the software development team in
      theModule Two Written Assignment Template, linked in What to Submit.
  2. Areas of Security Justification: Justify your reasoning for why each area of security is relevant to the software application.
  3. Code Review Summary:Once you have identified the relevant
    areas of security to review from the first level of the VAPFD, work
    through the second level. At this stage, you should:
    1. Manually inspect the code base provided to identify which
      vulnerabilities exist by uploading the Module Two Written Assignment
      Code Base, linked in Supporting Materials, as a new project into
      Eclipse.
    2. Refer to the Uploading Files to Eclipse Desktop Version Tutorial,
      linked in Supporting Materials, for how to open the code base for
      review.
    3. Document your findings for the software development team in the Module Two Written Assignment Template provided.
  4. Mitigation Plan: Once you have manually inspected the code and identified the security vulnerabilities:
    1. Describe potential mitigation techniques. For example,
      describe secure software designs that you could use to address the
      software security vulnerabilities you identified.
    2. It may be helpful to refer to the Module Two Resources, including
      your textbook, the Secure Coding Guidelines for Java SE, the Common
      Vulnerabilities and Exposures (CVE) list, and the National Vulnerability
      Database.
    3. Document your findings for the software development team in the
      Module Two Written Assignment Template provided. This plan will be used
      by the software development team to address all vulnerabilities in the
      code.

What to Submit


Submit a completed Module Two Written Assignment Templateas a 1- to 2-page Microsoft Word document.

cs-305-module-two-written-assignment-template-a0ryzaxx.docx cs-305-module-two-written-assignment-code-base-1vdjryyk.zip
Answered 4 days After Jan 10, 2023

Solution

Deepak answered on Jan 14 2023
47 Votes
CS 305 Module Two Code Review and Mitigation Plan Assignment Template
CS 305 Module Two Written Assignment Template
Instructions
Replace the
acketed text with the relevant information in your own words. If you choose to include images or supporting materials, make certain to insert them in all the relevant locations in the document.
1. Areas of Security
A web application's security needs fall into numerous categories:
· Authentication and Authorization: This entails making certain that only authorized users have access to the program and its resources.
· Input validation entails verifying user input in order to avoid attacks like SQL injection and cross-site scripting (XSS).
· Secure communications entail safeguarding communication between the client and the server, for example, by utilizing HTTPS.
· Session management entails securely maintaining user sessions to prevent session hijacking and other threats.
· Controlling access to resources within the application, for example, through role-based access control, is an example of access control.
· Data encryption entails encrypting sensitive data to prevent unwanted access.
· File upload validation entails verifying file uploads in order to keep malware and other dangerous files from being submitted to the application.
· E
or management and logging entails managing e
ors and securely logging events to help in incident response and forensic investigation.
· Security testing entails routinely scanning the programme for vulnerabilities and resolving any issues that are discovered.
· Security during deployment is ensuring that the application is delivered in a secure environment with suitable controls in place to protect it from assaults.
These are just a few examples; there are many more security issues that may be applicable for a web application based on the application's unique requirements and design.
Decide which of the seven areas of security are relevant to assess from the first level of the VAPFD.
From the first level of the VAPFD (Vulnerability Assessment and Penetration Testing Framework), the following seven security domains are necessary to assess:
· Vulnerability Assessment include discovering flaws in the programme and its infrastructure, such as through the use of automated scanners or human testing.
· Penetration testing is attempting to exploit vulnerabilities in the programme and its infrastructure in order to obtain unauthorised access or to ca
y out other harmful acts.
· Network Security: This entails examining the security of the network on which the programme operates, such as firewall and intrusion detection/prevention systems.
· Web Application Security entails reviewing the application's security, such as by...
SOLUTION.PDF
SOLUTION.PDF

Answer To This Question Is Available To Download

Related Questions & Answers

More Questions »

Submit New Assignment

Copy and Paste Your Assignment Here
Attach File