See attached
CYB 240 Project Two Stepping Stone Guidelines and Rubric
Preliminary Report

Overview

As a cybersecurity professional, you don’t need to be a programmer to contribute a security mindset to a development team. Having a proactive security mindset can help your team minimize security issues at the onset of application development; this will save you time and resources in later stages of development. In this activity, you will analyze the OWASP Top Ten risks and the OWASP Top Ten Proactive Controls to provide a better perspective on how a security professional can interact with an application development team and be a valuable contributing member. This activity will help prepare you for Project Two, which will be submitted in Module Seven.

Scenario

In a previous development, during the final security testing, a number of risks were identified prior to the app being released, including the following risks from the OWASP Top Ten risks:

A-1: Injection
A-2: Broken authentication
A-3: Sensitive data exposure
A-5: Broken access control
A-7: Cross-site scripting (XSS)

Prompt

As you prepare for your consulting role in a future development, your supervisor has asked you to prepare a preliminary report on what preventative measures could have been put into place to mitigate the security risks experienced earlier in the development life cycle. Using the OWASP Top Ten risks and the OWASP Top Ten Proactive Controls, select two of the risks uncovered during the security testing and discuss what controls would have been beneficial to address in the early stages of development to prevent the last-minute revisions necessary in the previous development.

You must address the critical elements listed below.

I. Risk One
   A. Based on the list provided in the scenario, summarize an OWASP Top Ten risk identified during the security testing.
   B. Using the OWASP Top Ten Proactive Controls, describe the strategy you would employ to minimize the risk in future developments. Note: Your strategy may include more than one of the OWASP Top Ten Proactive Controls.

II. Risk Two
   A. Based on the list provided in the scenario, summarize an OWASP Top Ten risk identified during the security testing.
   B. Using the OWASP Top Ten Proactive Controls, describe the strategy you would employ to minimize the risk in future developments. Note: Your strategy may include more than one of the OWASP Top Ten Proactive Controls.

Project Two Stepping Stone Rubric

Guidelines for Submission: Your submission should be 1 to 3 pages in length. Use double spacing, 12-point Times New Roman font, and one-inch margins. References should be cited according to APA style. Use a file name that includes the course code, the assignment title, and your name—for example, CYB_123_Assignment_Firstname_Lastname.docx.

| Critical Elements | Exemplary (100%) | Proficient (85%) | Needs Improvement (55%) | Not Evident (0%) | Value |
|---|---|---|---|---|---|
| Risk One: Summarize Risk | Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner | Summarizes one of the listed OWASP Top Ten risks identified during the security testing | Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail | Does not address critical element, or response is irrelevant | 23 |
| Risk One: Minimize the Risk | Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner | Describes the strategy to be employed to minimize the risk in future developments | Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail | Does not address critical element, or response is irrelevant | 23 |
| Risk Two: Summarize Risk | Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner | Summarizes one of the listed OWASP Top Ten risks identified during the security testing | Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail | Does not address critical element, or response is irrelevant | 23 |
| Risk Two: Minimize the Risk | Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner | Describes the strategy to be employed to minimize the risk in future developments | Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail | Does not address critical element, or response is irrelevant | 23 |
| Articulation of Response | Submission is free of errors related to citations, grammar, spelling, and organization and is presented in a professional and easy-to-read format | Submission has no major errors related to citations, grammar, spelling, or organization | Submission has some errors related to citations, grammar, spelling, or organization that negatively impact readability and articulation of main ideas | Submission has critical errors related to citations, grammar, spelling, or organization that prevent understanding of ideas | 8 |
| Total | | | | | 100% |