CYB 240 Project Two Guidelines and Rubric Recommendations Report

See attached


Overview

A security analyst’s responsibility in the software development life cycle (SDLC) is not to write code, but to interface with programmers. Secure programming is not necessarily in the skill set of many programmers. Therefore, it is your job as a security analyst to help identify areas of concern. For this project, you are in the role of a security analyst collaborating with a larger software development team and you are creating a recommendations report to the development team. You will be describing areas of concern and how to avoid them based on your role as the security analyst. You will also be explaining the value you add participating in the SDLC.

The project builds off of skills you practiced in the Project Two Stepping Stone, which will be submitted in Module Three. The project will be submitted in Module Seven.

In this assignment, you will demonstrate your mastery of the following course competency:

● CYB-240-02: Describe the fundamental principles and practices of application security

Scenario

In a course announcement, your instructor will provide you with a scenario on which you will base your work. Use the scenario to address the critical elements.

Prompt

Select two known development issues/vulnerabilities relevant to the project in the scenario. You can use the issues or vulnerabilities you identified as part of the Project Two Stepping Stone submitted in Module Three.

You must address the critical elements listed below in your recommendations report. The codes shown in brackets indicate the course competency to which each critical element is aligned.

I. Development Issue/Vulnerability One
   A. Describe why the OWASP element selected is a potential area of concern for the development team. [CYB-240-02]
   B. Recommend techniques or methods to apply a specific fundamental security design principle to avoid the development issue/vulnerability. Justify the relevance of the fundamental security design principle you select. [CYB-240-02]

II. Development Issue/Vulnerability Two
   A. Describe why the OWASP element selected is a potential area of concern for the development team. [CYB-240-02]
   B. Recommend techniques or methods to apply a specific fundamental security design principle to avoid the development issue/vulnerability. Justify the relevance of the fundamental security design principle you select. [CYB-240-02]

III. Discuss the value of a security practitioner equipped with the fundamental security design principles in preventing security issues during the SDLC. [CYB-240-02]

Project Two Rubric

Guidelines for Submission: Your submission should be 2 to 3 pages in length and should be written in APA format. Use double spacing, 12-point Times New Roman font, and one-inch margins. Use a file name that includes the course code, the assignment title, and your name—for example, CYB_123_Assignment_Firstname_Lastname.docx.

Critical Element: Development Issue/Vulnerability One: Potential Area of Concern [CYB-240-02] (Value: 18)
● Exemplary (100%): Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner
● Proficient (85%): Describes why the OWASP element selected is a potential area of concern for the development team
● Needs Improvement (55%): Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail
● Not Evident (0%): Does not address critical element, or response is irrelevant

Critical Element: Development Issue/Vulnerability One: Techniques or Methods [CYB-240-02] (Value: 18)
● Exemplary (100%): Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner
● Proficient (85%): Recommends techniques or methods to apply a specific fundamental security design principle to avoid the development issue/vulnerability, including a justification of the relevance of the fundamental security design principle selected
● Needs Improvement (55%): Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail
● Not Evident (0%): Does not address critical element, or response is irrelevant

Critical Element: Development Issue/Vulnerability Two: Potential Area of Concern [CYB-240-02] (Value: 18)
● Exemplary (100%): Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner
● Proficient (85%): Describes why the OWASP element selected is a potential area of concern for the development team
● Needs Improvement (55%): Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail
● Not Evident (0%): Does not address critical element, or response is irrelevant

Critical Element: Development Issue/Vulnerability Two: Techniques or Methods [CYB-240-02] (Value: 18)
● Exemplary (100%): Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner
● Proficient (85%): Recommends techniques or methods to apply a specific fundamental security design principle to avoid the development issue/vulnerability, including a justification of the relevance of the fundamental security design principle selected
● Needs Improvement (55%): Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail
● Not Evident (0%): Does not address critical element, or response is irrelevant

Critical Element: Preventing Security Issues [CYB-240-02] (Value: 18)
● Exemplary (100%): Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner
● Proficient (85%): Discusses the value of a security practitioner equipped with the fundamental security design principles in preventing security issues during the SDLC
● Needs Improvement (55%): Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail
● Not Evident (0%): Does not address critical element, or response is irrelevant

Critical Element: Articulation of Response (Value: 10)
● Exemplary (100%): Submission is free of errors related to grammar, spelling, and organization and is presented in a professional and easy-to-read format
● Proficient (85%): Submission has no major errors related to grammar, spelling, or organization
● Needs Improvement (55%): Submission has some errors related to grammar, spelling, or organization that negatively impact readability and articulation of main ideas
● Not Evident (0%): Submission has critical errors related to grammar, spelling, or organization that prevent understanding of ideas

Total: 100%

CYB 240 Project Two Scenario One

You are a newly hired analyst for a health insurance company with a central office and several satellite offices. The central office administers all back-end servers and pushes out all communications to satellite offices via a web interface. The organization has requested a security analyst be part of a new web application development from the start of the project to advise on possible security risks. The application is used as an interface with the patient information system, and it is used by internal employees only.

A member of the IT team has reviewed the design documents for the new development project, and has provided the following list of system specifications:

● Three-tiered system:
  ○ MySQL Database
    Current system specifications:
    ■ Proper authentication to access data in table
    ■ Communication with transaction server done through PHP
  ○ Microsoft Transaction Server
    Current system specifications:
    ■ Transaction server has administrative access to MySQL database
    ■ Communication to the database is done over company network
    ■ Communication to the web server front end is done over the internet
    ■ Components sent to web server front end are in XML format with weak metadata
    ■ Transactions sent to web server are unencrypted and 1-1 (not batched)
  ○ Web Server Front End
    Current system specifications:
    ■ Data displayed on webpages is in clear text using HTTP protocols
    ■ Log-on access to web server is via client-side scripting

Answered 1 day after Dec 09, 2022

Answer To: CYB 240 Project Two Guidelines and Rubric Recommendations Report...

Shubham answered on Dec 10 2022
31 Votes
Development Issue/Vulnerability One
Question a
Broken authentication can allow attackers to gain access and get the same permissions as the target users. It can create severe web application vulnerabilities. Issues with authentication can give attackers unfettered access to data and can wreak havoc on the web application. This vulnerability includes improperly salted and hashed passwords, along with leaks involving user account data and improperly set timeouts. It results in brute force attacks and typical password stuffing. It includes compromising passwords, user account information and session tokens. It happens because of poor implementation and design of access and identity controls. Attackers can employ a wide range of strategies, ranging from huge credential stuffing attacks to highly targeted schemes that aim to gain access to specific credentials.
Question b
Broken authentication can be prevented by using multi-factor authentication, which can help in verifying the correct user. It includes creating strong passwords with periodic updates for changing the password. It requires...
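
An added example (not part of the original answer, and written in Python rather than the scenario's PHP) showing three controls the answer lists as commonly mishandled: per-user salted, slow password hashing; lockout after repeated failed logins; and an idle session timeout. The policy constants and the names `LoginGuard` and `session_valid` are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Assumed policy values for illustration; tune them to your own requirements.
PBKDF2_ITERATIONS = 600_000  # work factor that slows offline guessing
MAX_FAILURES = 5             # failed logins allowed before lockout
LOCKOUT_SECONDS = 900        # how long a locked account stays locked
IDLE_TIMEOUT = 600           # seconds of inactivity before a session expires


def hash_password(password, salt=None):
    """Return (salt, digest); a fresh random salt is generated per user."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password, salt, expected):
    """Recompute the digest with the stored salt and compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt)[1], expected)


class LoginGuard:
    """Counts consecutive failed logins per account and enforces a lockout."""

    def __init__(self):
        self.failures = {}      # username -> consecutive failure count
        self.locked_until = {}  # username -> Unix time when the lockout ends

    def attempt(self, user, password, record, now):
        """record is the stored (salt, digest) pair; now is a Unix timestamp."""
        if now < self.locked_until.get(user, 0):
            return "locked"     # refuse without even checking the password
        if verify_password(password, *record):
            self.failures.pop(user, None)
            return "ok"
        self.failures[user] = self.failures.get(user, 0) + 1
        if self.failures[user] >= MAX_FAILURES:
            self.locked_until[user] = now + LOCKOUT_SECONDS
            self.failures[user] = 0
        return "denied"


def session_valid(last_seen, now):
    """A session is honoured only while its idle time is under IDLE_TIMEOUT."""
    return now - last_seen < IDLE_TIMEOUT
```

Because each account gets its own salt, two users with the same password store different digests, and the lockout applies even when the correct password is supplied during the lockout window.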