Competency In this project, you will demonstrate your mastery of the following competency: Analyze how advanced security concepts are applied to develop secure code Scenario You work as a developer...

1 answer below »

Competency


In this project, you will demonstrate your mastery of the following competency:



  • Analyze how advanced security concepts are applied to develop secure code


Scenario


You work as a developer for a software company, Global Rain, an engineering company that specializes in custom software design and development for entrepreneurs, businesses, and government agencies around the world. At your company, part of your mission is that “Security is everyone’s responsibility.” You have been promoted to the newly formed agile scrum team for Global Rain.


At Global Rain, you are tasked with working with a client, Artemis Financial. Your client is a financial consulting company that develops individualized financial plans for savings, retirement, investments, and insurance for their patrons.






Artemis Financial desires to modernize its operations and, as a crucial part of the success of its custom software, they want to implement and apply the most current and effective software security. Artemis Financial has a RESTful web application programming interface (API) and is seeking Global Rain’s expertise in taking steps to protect the organization from external threats.


As part of the team, you are tasked with examining Artemis Financial’s web-based software application to identify any security vulnerabilities in their current software. Your assessment will be used to complete a vulnerability assessment report for mitigating the security vulnerabilities that you identify.


Directions


You are tasked with examining Artemis Financial’s web-based software application by conducting a vulnerability assessment. Implementing what you have learned so far and using the supporting materials provided to assist you, review and analyze the security vulnerabilities specific to Artemis Financial’s web-based software application and document the following in the Vulnerability Assessment Report Template.




  1. Interpreting Client Needs:
    Review the scenario to
    determine your client’s needs and potential threats and attacks associated with their application and software security requirements. Document your findings in your Vulnerability Assessment Report. Consider the following regarding how companies protect against external threats based on the scenario information:

    • What is the value of secure communications to the company?

    • Are there any international transactions that the company produces?

    • Are there governmental restrictions about secure communications to consider?

    • What external threats might be present now and in the immediate future?

    • What are the “modernization” requirements that must be considered, such as the role of open source libraries and evolving web application technologies?






  1. Areas of Security:
    Use what you’ve learned in Step 1 and refer to the Vulnerability Assessment Process Flow Diagram provided. Think about the functionality of the software application to
    identify which areas of security are applicable
    to Artemis Financial’s web application. Document your findings in your Vulnerability Assessment Report and
    justify your reasoning for why each area is relevant to the software application.



*Please note: Not all seven areas of security identified in the Vulnerability Assessment Process Flow Diagram may be applicable for the company’s software application.




  1. Manual Review:
    Refer to the seven security areas outlined in the Vulnerability Assessment Process Flow Diagram. Use what you’ve learned in Steps 1 and 2 to guide your manual review.
    Identify all vulnerabilities in the code base by manually inspecting the code. Document your findings in your Vulnerability Assessment Report. Be sure to include a description identifying where the vulnerabilities are found (specific class file, if applicable).




  1. Static Testing:
    Integrate the dependency check plug-in into Maven by following the instructions outlined in the tutorial provided.
    Run a dependency check on Artemis Financial’s software application to identify all security vulnerabilities in the code.
    Specifically, record the following from the dependency check report in your Vulnerability Assessment Report:

    1. The names or vulnerability codes of the known vulnerabilities

    2. A brief description and recommended solutions provided by the dependency check report

    3. Attribution (if any) that documents how this vulnerability has been identified or documented previously






  1. Mitigation Plan:
    Interpret the results from the manual review and static testing report.
    Identify steps to remedy the identified security vulnerabilities
    by creating an action list that documents how to fix each vulnerability in your Vulnerability Assessment Report.



*Please note: You do not need to fix these vulnerabilities in this project.


What to Submit


To complete this project, you must submit the following:




Vulnerability Assessment Report


Deliver a completed Vulnerability Assessment Report using the template provided. Follow the instructions in the template to ensure all items are met.


Supporting Materials


The following resource(s) may help support your work on the project:



Diagram:
Vulnerability Assessment Process Flow Diagram

Reference this process flow diagram throughout the project to determine which of the seven areas of security to assess for Artemis Financial’s software application. A text version of this diagram is available:
Vulnerability Assessment Process Flow Diagram Text Version.



Java Software Application:
CS 305 Project One Code Base.zip

Open a new Java project in Eclipse and upload this zipped file folder. This folder contains the code for the web application from Artemis Financial, with security vulnerabilities for you to identify using the guidelines provided.



Website:
Secure Coding Guidelines for Java SE

In this project, you will be examining Java code for security vulnerabilities. The “secure coding guidelines for Java SE” website provides an up-to-date list of common Java security concerns. The site also provides examples of Java code to examine and possible Java code solutions.



Website:
OWASP Secure Coding Practices Quick Reference Guide

In this project, you will be examining Java code for security vulnerabilities. The OWASP website provides an up-to-date list of common web application security concerns. The site also provides examples of using the dependency check tool to test Java code for security issues with Java project library dependencies.



Textbook:
Iron-Clad Java: Building Secure Web Applications, Chapters 1, 3, 7, and 10
Chapter 1 of the textbook provides a basic security foundation in the context of web applications. Chapter 3 explains the benefits and common practices for access control. Chapter 7 explains the common attack of SQL injection. Chapter 10 provides a foundation for security testing and security in the development process.



Tutorial:
Integrating the Maven Dependency Check Plug-in

Follow the instructions in this tutorial to learn how to integrate the dependency check plug-in into Maven. You will need to edit the pom.xml file to add the dependency check plug-in to Artemis Financial’s software application. When you compile your code, Eclipse will run the Maven plug-in.



Tool:
OWASP Dependency-Check-Maven

OWASP Dependency-Check-Maven is an open source solution that is used to scan Java applications to identify the use of known vulnerabilities. This will be used for running a dependency check to statically test the code and produce an HTML report as output.

Answered 7 days AfterJul 04, 2022

Answer To: Competency In this project, you will demonstrate your mastery of the following competency: Analyze...

Aditi answered on Jul 12 2022
94 Votes
CS 305 Project One Artemis Financial Vulnerability Assessment Report Template
Vulnerability Assessment Report
(
10
)
1. Interpreting Client Needs
Identify the dangers and attacks connected with your client's software and applications security requirements. As an example of how cor
porations might safeguard themselves against external risks, consider the following:
What is the value of secure communications to the company?
When it comes to Artemis Financial, data security is of utmost importance because of the sensitive nature of the business. External threats might potentially steal clients' identities, move monies to the wrong accounts, and cause a slew of other major breaches that could result in the loss of customers and revenue. It is in everyone's best interest, including Artemis Financial and the firms we work with (such as other financial institutions, pension funds, and insurance companies), to ensure the privacy of all communications.
Are there any international transactions that the company produces?
It is probable that Artemis Financial has some overseas customers. Even if they solely provide their services to US customers, those clients may be in another country and require access to their account information or to execute financial transactions.
Are there governmental restrictions about secure communications to consider?
There are various constraints imposed by the government when it comes to ensuring the security of communications, particularly when it comes to matters of money, stocks, and pensions. A measure is now being considered that would create back doors to all American communications, removing privacy while also allowing unauthorized (non-American government) access to the software and the theft of the private data and money stored inside.
What external threats might be present now and in the immediate future?
Rival corporations and countries outside the United States are among the present and potential dangers we face. Anonymous is a hacking organization. The safety of the company's users and its employees are directly impacted by how secure it is with this data.
What are the “modernization” requirements that must be considered, such as the role of open-source libraries and evolving web application technologies?
In order to meet the modernization standards, the organization must be totally web-based and secure. Security improvements and the creation of a sandboxed web application are two examples of this. An open-source library may be used by the business to enhance their software's security and usefulness.
2. Areas of Security
API, cryptography, client-server architecture, and safe code are some of the most important aspects of security.
API: This component of web application security is essential due to the widespread usage of application programming interfaces (APIs). In order to prevent...
SOLUTION.PDF

Answer To This Question Is Available To Download

Related Questions & Answers

More Questions »

Submit New Assignment

Copy and Paste Your Assignment Here