Shuggatank / ArtemisFinancialPracticesforSecureSoftwareReport

CS-305

Repository from GitHub: https://github.com/Shuggatank/ArtemisFinancialPracticesforSecureSoftwareReport


Briefly summarize your client, Artemis Financial, and their software requirements. Who was the client? What issue did they want you to address?

Artemis Financial is a financial consulting firm that wants to modernize its operations; the firm helps its customers with savings, retirement, insurance, and investments. Global Rain, and I by extension, have been hired to develop a secure application for their customers to upload files and access accounts.

What did you do particularly well in identifying their software security vulnerabilities? Why is it important to code securely? What value does software security add to a company’s overall wellbeing?

One of the things that I think I did particularly well was learning how to run the dependency check and suppress false positives when necessary. The reason coding securely is important is that you want to ensure that the company's and customers' data is secure. This will help the company in the long run because it will show customers that your company can be trusted, and once you lose the trust of the customer it is almost impossible to get back.

What about the process of working through the vulnerability assessment did you find challenging or helpful?

One of the challenges that I faced in this course was picking an appropriate encryption algorithm cipher, because before this course I had never looked into anything that had to do with encryption algorithms. But once I started doing research it became a little easier to understand all the things that I was looking at.

How did you approach the need to increase layers of security? What techniques or strategies would you use in the future to assess vulnerabilities and determine mitigation techniques?

To increase the layers of security, I would use multiple encryption algorithms in different aspects of the application. By using multiple algorithms you can have some that validate all data and others that focus on credential authentication. For future applications I plan on using this strategy of multiple encryption algorithms.

How did you ensure the code and software application were functional and secure? After refactoring code, how did you check to see whether you introduced new vulnerabilities?

To ensure that the application was functional and secure, I ran the application on localhost and made sure that it opened in HTTPS and not in HTTP. This also allowed me to ensure that all data was shown the way that it should have been. After refactoring the code I would rerun the application on localhost, and I would also rerun the dependency check to ensure that I did not introduce any new vulnerabilities.

What resources, tools, or coding practices did you employ that you might find helpful in future assignments or tasks?

Some resources that I found helpful were the documentation for the Spring Framework and the documentation for Apache Commons Codec. Finding and reading that documentation helped me implement the algorithms that I wanted to use in my code.
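As an added illustration of the kind of checksum work Apache Commons Codec supports in a Spring upload service, here is a small example written for this README; it is not code from the original repository or from the CS-305 project. It assumes commons-codec 1.11 or newer on the classpath (for the `Hex.decodeHex(String)` overload) and uses a constructed byte array in place of a real uploaded file.

```java
// Added example (not from the original repository): a SHA-256 checksum for an
// uploaded file using Apache Commons Codec. Assumes commons-codec 1.11+ on the
// classpath so that Hex.decodeHex(String) is available.
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import org.apache.commons.codec.DecoderException;
import org.apache.commons.codec.binary.Hex;
import org.apache.commons.codec.digest.DigestUtils;

public class ChecksumExample {

    // Hex-encoded SHA-256 digest of the given bytes. SHA-256 is used rather than
    // MD5 or SHA-1, which scanners flag as weak hash algorithms.
    public static String sha256Hex(byte[] data) {
        return DigestUtils.sha256Hex(data);
    }

    // Verify an uploaded file's bytes against a checksum the client supplied.
    // MessageDigest.isEqual compares in constant time, so a mismatch does not
    // reveal how many leading bytes happened to match.
    public static boolean verifyChecksum(byte[] data, String expectedHex) {
        byte[] expected;
        try {
            expected = Hex.decodeHex(expectedHex);
        } catch (DecoderException e) {
            // Malformed hex from the client is a failed check, not a server error.
            return false;
        }
        byte[] actual = DigestUtils.sha256(data);
        return MessageDigest.isEqual(actual, expected);
    }

    public static void main(String[] args) {
        // Constructed sample input standing in for an uploaded file.
        byte[] upload = "Artemis Financial sample upload".getBytes(StandardCharsets.UTF_8);
        String checksum = sha256Hex(upload);
        System.out.println("SHA-256: " + checksum);
        System.out.println("verify (same bytes):     " + verifyChecksum(upload, checksum));

        // One extra byte changes the digest entirely, so verification fails.
        byte[] tampered = "Artemis Financial sample upload!".getBytes(StandardCharsets.UTF_8);
        System.out.println("verify (tampered bytes): " + verifyChecksum(tampered, checksum));
    }
}
```

Pairing the digest with `MessageDigest.isEqual` rather than `String.equals` on the hex strings is the detail a dependency or code review usually looks for; the digest choice alone does not protect against timing differences in the comparison.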

Employers sometimes ask for examples of work that you have successfully completed to demonstrate your skills, knowledge, and experience. What from this particular assignment might you want to showcase to a future employer?

I would show them my vulnerability reports from before and after refactoring the code, so I could show them that I can review code, run a dependency check to see what vulnerabilities are in the code to begin with, and then do the research necessary to refactor the code to reduce the number of vulnerabilities in it. Being able to do this helps ensure that the code is secure.
