


Competency




In this project, you will demonstrate your mastery of the following competency:







  • Analyze how advanced security concepts are applied to develop secure code






Scenario




You work as a developer for a software engineering company, Global Rain, that specializes in custom software design and development. The software is for entrepreneurs, businesses, and government agencies around the world. Part of the company’s mission is that “Security is everyone’s responsibility.” Global Rain has promoted you to their new agile scrum team.




At Global Rain, you work with a client, Artemis Financial, a consulting company that develops individualized financial plans for their customers. The financial plans include savings, retirement, investments, and insurance.
















Artemis Financial wants to modernize their operations. As a crucial part of the success of their custom software, they also want to use the most current and effective software security. Artemis Financial has a RESTful web application programming interface (API). They are seeking Global Rain’s expertise about how to protect the organization from external threats.




As part of the team, you must examine Artemis Financial’s web-based software application to identify any security vulnerabilities. You’ll document what you learn in a vulnerability assessment report that will be used for mitigating the security vulnerabilities that you find.




Directions




You must conduct a vulnerability assessment. In it, you’ll examine Artemis Financial’s web-based software application. Use what you have learned so far and the resources provided in the Supporting Materials section to help you. Review and analyze the security vulnerabilities specific to Artemis Financial’s web-based software application. Use the Project One Template, linked in What to Submit, to document the following for your vulnerability assessment report:










  1. Interpreting Client Needs: Review the scenario to determine your client’s needs and potential threats and attacks associated with their application and software security requirements.


    Document your findings in your vulnerability assessment report. Consider the scenario information and the following questions regarding how companies protect against external threats:




    1. What is the value of secure communications to the company?



    2. Does the company make any international transactions?



    3. Are there governmental restrictions about secure communications to consider?



    4. What external threats might be present now and in the immediate future?



    5. What are the modernization requirements that you must consider? For example:




      1. The role of open-source libraries



      2. Evolving web application technologies
























  2. Areas of Security: Use what you’ve learned in step 1 and refer to the Vulnerability Assessment Process Flow Diagram provided. Think about the functionality of the software application to identify which areas of security apply to Artemis Financial’s web application. Document your findings in your vulnerability assessment report and justify why each area is relevant to the software application.









Please note: Not all seven areas of security in the Vulnerability Assessment Process Flow Diagram apply to the company’s software application.










  3. Manual Review: Refer to the seven security areas outlined in the Vulnerability Assessment Process Flow Diagram. Use what you’ve learned in steps 1 and 2 to guide your manual review. Identify all vulnerabilities in the Project One Code Base, linked in Supporting Materials, by manually inspecting the code. Document your findings in your vulnerability assessment report. Be sure to include a description that identifies where the vulnerabilities are found (specific class file, if applicable).












  4. Static Testing:

    Integrate the dependency-check plug-in into Maven by following the instructions outlined in the Integrating the Maven Dependency-Check Plug-in tutorial provided in Supporting Materials. Run a dependency check on Artemis Financial’s software application to identify all security vulnerabilities in the code. Specifically, identify all vulnerabilities in the code base by analyzing results from running the code through a static test.


    Include these items from the dependency-check report in your vulnerability assessment report:






    1. The names or vulnerability codes of the known vulnerabilities



    2. A brief description and recommended solutions that are found in the dependency-check report



    3. Attribution (if any) that documents how this vulnerability has been identified or how it was documented in the past















  5. Mitigation Plan:

    Interpret the results from the manual review and static testing report. Identify steps to mitigate the identified security vulnerabilities by creating an action list that documents how to fix each vulnerability in your vulnerability assessment report.









Please note: You do not need to fix these vulnerabilities in this project.




What to Submit




To complete this project, you must submit the following:







Vulnerability Assessment Report





Use the Project One Template to complete your vulnerability assessment report.
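
The three report items requested under Static Testing above (vulnerability names, descriptions, attribution) can be extracted from the dependency-check JSON report and ordered by severity for the mitigation plan. This is an added example, not part of the assignment or the answer below; the field names (`dependencies`, `vulnerabilities`, `name`, `severity`, `description`, `references`) are assumed from the tool's JSON report layout and should be checked against the actual report, and the sample report, library names, CVE-0000-* IDs and URLs are constructed placeholders.

```python
import json

# Constructed sample in the assumed shape of a dependency-check JSON report.
# Library names, IDs and URLs are placeholders, not findings from the project.
SAMPLE_REPORT = json.dumps({
    "dependencies": [
        {"fileName": "example-web-1.0.jar",
         "vulnerabilities": [
             {"name": "CVE-0000-0001", "severity": "HIGH",
              "description": "Placeholder: unsafe   deserialization flaw.",
              "references": [{"source": "NVD",
                              "url": "https://example.invalid/advisory-1"}]},
             {"name": "CVE-0000-0002", "severity": "medium",
              "description": "Placeholder: path traversal flaw.",
              "references": []}]},
        {"fileName": "example-util-2.3.jar"},  # clean: no "vulnerabilities" key
        {"fileName": "example-json-0.9.jar",
         "vulnerabilities": [
             {"name": "CVE-0000-0003", "severity": "CRITICAL",
              "description": "Placeholder: injection flaw.",
              "references": [{"source": "VENDOR",
                              "url": "https://example.invalid/advisory-3"}]}]},
    ]
})

SEVERITY_ORDER = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3}

def summarize(report_text):
    """Return one row per finding: id, dependency, severity, description, attribution."""
    report = json.loads(report_text)
    rows = []
    for dep in report.get("dependencies", []):
        # Dependencies without findings may omit the key entirely.
        for vuln in dep.get("vulnerabilities") or []:
            refs = vuln.get("references") or []
            rows.append({
                "id": vuln.get("name", "UNKNOWN"),
                "dependency": dep.get("fileName", "UNKNOWN"),
                "severity": str(vuln.get("severity", "UNKNOWN")).upper(),
                # Collapse whitespace and keep the description brief.
                "description": " ".join(vuln.get("description", "").split())[:200],
                "attribution": sorted({r["url"] for r in refs if r.get("url")}),
            })
    # Most severe first, so the mitigation plan can follow the same order.
    rows.sort(key=lambda r: (SEVERITY_ORDER.get(r["severity"], 9), r["id"]))
    return rows

if __name__ == "__main__":
    for row in summarize(SAMPLE_REPORT):
        print(row["severity"], row["id"], row["dependency"], row["attribution"])
```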

Answered 2 days after Jan 17, 2023

Deepak answered on Jan 19 2023
31 Votes
CS 305 Project One Artemis Financial Vulnerability Assessment Report Template
Artemis Financial Vulnerability Assessment Report
Table of Contents
Document Revision History
Client
Instructions
Developer
1. Interpreting Client Needs
2. Areas of Security
3. Manual Review
4. Static Testing
5. Mitigation Plan
Document Revision History
Version | Date | Author | Comments
1.0 | [Date] | [Your name] |
Client
Instructions
Submit this completed vulnerability assessment report. Replace the bracketed text with the relevant information. In the report, identify your findings of security vulnerabilities and provide recommendations for the next steps to remedy the issues you have found.
· Respond to the five steps outlined below and include your findings.
· Respond using your own words. You may also choose to include images or supporting materials. If you include them, make certain to insert them in all the relevant locations in the document.
· Refer to the Project One Guidelines and Rubric for more detailed instructions about each section of the template.
Developer
[Insert your name here.]
1. Interpreting Client Needs
1.
Secure communications are crucial to a company's security and prosperity. They guard against illegal access or exposure of sensitive information such as financial data, intellectual property, and private company plans. This can help to avoid financial loss, legal responsibility, and reputational harm. Furthermore, encrypted communications can aid in the fulfillment of legal and regulatory obligations such as data protection and privacy legislation. Overall, secure communications may assist a firm in maintaining a competitive advantage and safeguarding its assets.
From a vulnerability standpoint, the benefit of secure communications to a firm is that it helps to defend the organization from a number of cyber threats such as hacking, phishing, and social engineering. These attacks can acquire unauthorized access to sensitive information, interrupt operations, and cause a financial loss by exploiting weaknesses in the company's communication networks. A corporation may lower the danger of these sorts of assaults and protect itself from possible harm by employing secure communications.
Furthermore, secure communications can assist a corporation to avoid data breaches and regulatory problems. If a company's communication systems are not adequately protected, it may be subject to data breaches that result in the loss or theft of critical data.
This might result in legal responsibility and reputational harm to a corporation. A corporation may help to guarantee that sensitive information is secured and that it is in compliance with relevant rules and regulations by using secure communications.
From a vulnerability standpoint, the benefit of secure communications to a firm is that it helps to safeguard the organization from a range of cyber attacks, data breaches, and compliance violations. This can aid in the security and integrity of the company's activities, as well as the protection of its assets and reputation.
2.
Yes, the company does transact internationally; there are a lot of transactions that are international.
3.
Yes, a corporation must consider any governmental limits on secure communications. These constraints might differ based on the area or location in which the firm operates as well as the sort of communication being performed.
Some governments, for example, may have laws or rules prohibiting the use of specific types of encryption or communication technology. Furthermore, some governments may force corporations to keep specific types of communication data for a set length of time or to grant government authorities access to such data.
Companies should consult with legal and compliance specialists to verify that their secure communication methods comply with all applicable laws and regulations in order to comply with governmental limits and legislation.
4.
Companies may face a number of external dangers today and in the near future, including:
· Hackers may target businesses in order to steal sensitive information or disrupt operations. Phishing schemes, ransomware assaults, and other types of cybercrime are examples of this.
· Attacks on supply chains: Businesses may be exposed to attacks on their suppliers or partners, which can interrupt operations and even lead to data breaches.
· Social engineering: Attackers may...