Secure Software Development
Competencies
In this project, you will demonstrate your mastery of the following competencies:
Write secure communications through the application of current encryption technologies and techniques
Design and implement code that complies with software security testing protocols
Scenario
You work as a developer for a software engineering company, Global Rain, that specializes in custom software design and development. The software is for entrepreneurs, businesses, and government agencies around the world. Part of the company’s mission is that “Security is everyone’s responsibility.” Global Rain has promoted you to their new agile scrum team.
At Global Rain, you work with a client, Artemis Financial, a consulting company that develops individualized financial plans for their customers. The financial plans include savings, retirement, investments, and insurance.
Artemis Financial logo
Artemis Financial wants to modernize their operations. As a crucial part of the success of their custom software, they also want to use the most current and effective software security. Artemis Financial has a public web interface. They are seeking Global Rain’s expertise about how to protect their client data and financial information.
Specifically, Artemis Financial wants to add a file verification step to their web application to ensure secure communications. When the web application is used to transfer data, they will need a data verification step in the form of a checksum. You must take their current software application and add secure communication mechanisms to meet their software security requirements. You’ll deliver a production quality integrated application that includes secure coding protocols.
Directions
You must examine Artemis Financial’s software to address any security vulnerabilities. This will require you to refactor the Project Two Code Base, linked in the Supporting Materials section, to add functionality to meet software security requirements for Artemis Financial’s application. Specifically, you’ll need to follow the steps outlined below to facilitate your findings, address and remedy all areas, and use the Project Two Template, linked in What to Submit, to document your work for your practices for secure software report. You will also submit zipped files that contain the refactored code.
Algorithm Cipher: Recommend an appropriate encryption algorithm cipher to deploy, given the security vulnerabilities, and justify your reasoning. Review the scenario and the supporting materials to support your recommendation. In your practices for secure software report, be sure to address the following:
Provide a brief, high-level overview of the encryption algorithm cipher.
Discuss the hash functions and bit levels of the cipher.
Explain the use of random numbers, symmetric versus non-symmetric keys, and so on.
Describe the history and current state of encryption algorithms.
Certificate Generation: Generate appropriate self-signed certificates using the Java Keytool in Eclipse.
To demonstrate that the certificate was correctly generated:
Export your certificates (CER file).
Submit a screenshot of the CER file in your practices for secure software report.
Deploy Cipher: Deploy and implement the cryptographic hash algorithm by refactoring code. Demonstrate functionality with a checksum verification.
Submit a screenshot of the checksum verification in your practices for secure software report. The screenshot must show your name and a unique data string that has been created.
Secure Communications: Verify secure communication. In the application. properties file, refactor the code to convert HTTP to the HTTPS protocol. Compile and run the refactored code. Then once the server is running, type https://localhost:8443/hash in a new browser to demonstrate that the secure communication works successfully.
Create a screenshot of the web browser that shows a secure webpage and include it in your practices for secure software report.
Secondary Testing: Run a secondary static testing of the refactored code using the OWASP Dependency-Check Maven (see Supporting Materials) to ensure code complies with software security enhancements. You need to focus on only the code you have added as part of the refactoring. Complete the dependency check and review the output to ensure you did not introduce additional security vulnerabilities. Include the following in your practices for secure software report:
A screenshot of the refactored code executed without errors
A screenshot of the report of the output from the dependency-check static tester
Functional Testing: Identify the software application’s syntactical, logical, and security vulnerabilities by manually reviewing code.
Complete this functional testing and include a screenshot of the refactored code, executed without errors, in your practices for secure software report.
What if I receive errors or new vulnerabilities?
You will need to iterate on your design and refactored code, address vulnerabilities, and retest until no new vulnerabilities are found.
Summary: Discuss how the code has been refactored and how it complies with security testing protocols. In the summary of your practices for secure software report, be sure to address the following:
Refer to the Vulnerability Assessment Process Flow Diagram. Highlight the areas of security that you addressed by refactoring the code.
Discuss your process for adding layers of security to the software application.
Industry Standard Best Practices: Explain how you applied industry standard best practices for secure coding to mitigate against known security vulnerabilities. Be sure to address the following:
Explain how you used industry standard best practices to maintain the software application’s current security.
Explain the value of applying industry standard best practices for secure coding to the company’s overall wellbeing.
Collepals.com Plagiarism Free Papers
Are you looking for custom essay writing service or even dissertation writing services? Just request for our write my paper service, and we'll match you with the best essay writer in your subject! With an exceptional team of professional academic experts in a wide range of subjects, we can guarantee you an unrivaled quality of custom-written papers.
Get ZERO PLAGIARISM, HUMAN WRITTEN ESSAYS
Why Hire Collepals.com writers to do your paper?
Quality- We are experienced and have access to ample research materials.
We write plagiarism Free Content
Confidential- We never share or sell your personal information to third parties.
Support-Chat with us today! We are always waiting to answer all your questions.