Overview




Writing code is difficult. Writing secure code can be even more challenging. As the developer, it is your responsibility to write secure code. You’ll know if your code is secure when you manually search for and identify possible security vulnerabilities. Developing this skill is important because it becomes more challenging as the number of lines and complexity of your code increase.




Fortunately, as you learned in this module, you can follow a workflow. You can also use tools that are widely accepted in the field of software security and vulnerability assessments. By following the Vulnerability Assessment Process Flow Diagram (VAPFD), you can focus your manual code inspection and narrow your search for possible security vulnerabilities within your code.




Specifically in this assignment, you will:





  • Determine relevant areas of security for a software application.

  • Identify software security vulnerabilities by manually reviewing source code.

  • Identify potential mitigation techniques that have been used to mitigate against vulnerabilities associated with known exploits.




Scenario




You’re a senior software developer in a team of software developers. You’re responsible for a complex web application that uses Spring Framework. The team has been tasked with implementing an expressive command input function for the application. You are told the team is currently using Version 2.6.5 of the spring-data-rest-webmvc in Spring Framework. You also want to use the Spring Expression Language to accomplish the task.




If you are unfamiliar with Spring, learn about Spring Framework by watching the video and exploring the guides linked in the Supporting Materials section.




Directions




As the lead person on this application, you are responsible for ensuring that the code is secure. You’ll need to assess potential vulnerabilities in the code and create a mitigation plan for any existing vulnerabilities that the software development team must address.




To begin, see the Vulnerability Assessment Process Flow Diagram (VAPFD), linked in Supporting Materials, to help guide your code review and mitigation plan.




Specifically, you must address the following rubric criteria:






  1. Areas of Security:
     Review the scenario and use what you know about the architecture of the web application to identify relevant areas of security that are applicable for a software application:

     1. Decide which of the seven areas of security are relevant to assess from the first level of the VAPFD.
     2. Document your findings for the software development team in the Module Two Written Assignment Template, linked in What to Submit.




  2. Areas of Security Justification:
    Justify your reasoning for why each area of security is relevant to the software application.



  3. Code Review Summary:
     Once you have identified the relevant areas of security to review from the first level of the VAPFD, work through the second level. At this stage, you should:

     1. Manually inspect the code base provided to identify which vulnerabilities exist by uploading the Module Two Written Assignment Code Base, linked in Supporting Materials, as a new project into Eclipse.
     2. Refer to the Uploading Files to Eclipse Desktop Version Tutorial, linked in Supporting Materials, for how to open the code base for review.
     3. Document your findings for the software development team in the Module Two Written Assignment Template provided.




  4. Mitigation Plan:
     Once you have manually inspected the code and identified the security vulnerabilities:

     1. Describe potential mitigation techniques. For example, describe secure software designs that you could use to address the software security vulnerabilities you identified.
     2. It may be helpful to refer to the Module Two Resources, including your textbook, the Secure Coding Guidelines for Java SE, the Common Vulnerabilities and Exposures (CVE) list, and the National Vulnerability Database.
     3. Document your findings for the software development team in the Module Two Written Assignment Template provided. This plan will be used by the software development team to address all vulnerabilities in the code.





What to Submit




Submit a completed Module Two Written Assignment Template as a 1- to 2-page Microsoft Word document.
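An added illustration, not part of the assignment, its code base, or the answer below, of the kind of finding and mitigation a review of an expressive command input built on the Spring Expression Language should document. The `CommandInput` class, its `CommandContext` root object and the allowed-character pattern are hypothetical; it assumes a Spring Framework release that ships `SimpleEvaluationContext` (later 4.3.x or any 5.x). The first method evaluates request text in a full `StandardEvaluationContext`; the second restricts evaluation to read-only property access.

```java
import java.util.regex.Pattern;
import org.springframework.expression.EvaluationContext;
import org.springframework.expression.Expression;
import org.springframework.expression.ExpressionParser;
import org.springframework.expression.spel.standard.SpelExpressionParser;
import org.springframework.expression.spel.support.SimpleEvaluationContext;
import org.springframework.expression.spel.support.StandardEvaluationContext;

public class CommandInput {

    /** Hypothetical root object a command expression is evaluated against. */
    public static class CommandContext {
        public String getUser() { return "alice"; }  // constructed sample data
        public int getQuantity() { return 3; }
    }

    private final ExpressionParser parser = new SpelExpressionParser();

    /**
     * Finding to document: request text is parsed and evaluated in a
     * StandardEvaluationContext, which exposes the whole language (type
     * references, constructors, method invocation, bean references) to
     * whoever controls 'userInput'. Flag every call site shaped like this.
     */
    public Object evaluateUnsafe(String userInput) {
        Expression exp = parser.parseExpression(userInput);
        EvaluationContext ctx = new StandardEvaluationContext(new CommandContext());
        return exp.getValue(ctx);
    }

    // Defence in depth: accept only the token shapes a command is expected to use
    // (property names, numbers, arithmetic/comparison operators, parentheses).
    // The character set is an assumption about this application's command grammar.
    private static final Pattern ALLOWED =
            Pattern.compile("[A-Za-z0-9_.+\\-*/%<>=!&| ()]{1,200}");

    /**
     * Mitigation: a read-only data-binding context allows property reads on the
     * root object plus literals and operators; type references, constructors,
     * assignments, bean references and method calls fail at evaluation time.
     */
    public Object evaluateRestricted(String userInput) {
        if (!ALLOWED.matcher(userInput).matches()) {
            throw new IllegalArgumentException("command contains disallowed characters");
        }
        Expression exp = parser.parseExpression(userInput);
        EvaluationContext ctx = SimpleEvaluationContext.forReadOnlyDataBinding().build();
        return exp.getValue(ctx, new CommandContext());
    }

    public static void main(String[] args) {
        System.out.println(new CommandInput().evaluateRestricted("quantity * 2 > 5"));
    }
}
```

In the mitigation plan, the review should list each place untrusted text reaches `parseExpression`, and record which evaluation context it is bound to.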

Answered 4 days after Jan 10, 2023

Deepak answered on Jan 14 2023
34 Votes
CS 305 Module Two Code Review and Mitigation Plan Assignment Template
CS 305 Module Two Written Assignment Template
Instructions
Replace the bracketed text with the relevant information in your own words. If you choose to include images or supporting materials, make certain to insert them in all the relevant locations in the document.
1. Areas of Security
A web application's security needs fall into numerous categories:
· Authentication and Authorization: This entails making certain that only authorized users have access to the program and its resources.
· Input validation entails verifying user input in order to avoid attacks like SQL injection and cross-site scripting (XSS).
· Secure communications entail safeguarding communication between the client and the server, for example, by utilizing HTTPS.
· Session management entails securely maintaining user sessions to prevent session hijacking and other threats.
· Controlling access to resources within the application, for example, through role-based access control, is an example of access control.
· Data encryption entails encrypting sensitive data to prevent unwanted access.
· File upload validation entails verifying file uploads in order to keep malware and other dangerous files from being submitted to the application.
· Error management and logging entails managing errors and securely logging events to help in incident response and forensic investigation.
· Security testing entails routinely scanning the programme for vulnerabilities and resolving any issues that are discovered.
· Security during deployment is ensuring that the application is delivered in a secure environment with suitable controls in place to protect it from assaults.
These are just a few examples; there are many more security issues that may be applicable for a web application based on the application's unique requirements and design.
Decide which of the seven areas of security are relevant to assess from the first level of the VAPFD.
From the first level of the VAPFD (Vulnerability Assessment and Penetration Testing Framework), the following seven security domains are necessary to assess:
· Vulnerability Assessment includes discovering flaws in the programme and its infrastructure, such as through the use of automated scanners or human testing.
· Penetration testing is attempting to exploit vulnerabilities in the programme and its infrastructure in order to obtain unauthorised access or to carry out other harmful acts.
· Network Security: This entails examining the security of the network on which the programme operates, such as firewall and intrusion detection/prevention systems.
· Web Application Security entails reviewing the application's security, such as by...