Your team received an assignment to develop and deliver a new company Web application for outsourced suppliers to use as they help support your company’s production resources. The

Your team received an assignment to develop and deliver a new company Web application for outsourced suppliers to use as they help support your company's production resources. The IT director recently returned from an OWASP conference in India and insists that the app will have strong security. As he walked out the door from your initial project briefing the IT director said, "I do not want to wait 200 days after an exploit to hear about it. If something happens, I want to know yesterday."

Instructions

The project specs require a multi-page design. The app will need to provide an interface to your company's supply database for reading and entering data remotely as well as the ability to contact, via the e-mail server, your company supply managers. In an effort to save money, management decided that the team will use some open-source software library modules.

Provide at least six steps in the SDLC during which security-strengthening behaviors will be applied.

Explain the specific security-relevant actions taken during each step, including the people involved, the considerations taken, and the security assurance methods used.

Identify and briefly explain at least three different security testing methods and indicate which methods analyze the app's front end, source code, or vulnerabilities while the app is running. Justify when you would use each method.

Explain at least six different vulnerabilities that could potentially affect your app and actions that your team could take to prevent each.