CS-305-T3676 Software Security 22EW3
- Briefly summarize your client, Artemis Financial, and their software requirements. Who was the client? What issue did they want you to address?
The client, Artemis Financial, is a financial consulting company. They develop individual financial plans for their clients. They would like to modernize their operations with custom software and would like to implement the latest and most effective software security.
- What did you do particularly well in identifying their software security vulnerabilities? Why is it important to code securely? What value does software security add to a company’s overall wellbeing?
I was able to summarize and assess the vulnerabilities fairly well. Coding securely is important in preventing vulnerabilities in software that may potentially be exposed to exploits and attacks. Software security prevents not only monetary loss, but also prevents loss of customer confidence.
- What about the process of working through the vulnerability assessment did you find challenging or helpful?
I found that the documentation was challenging. Explaining what I've done and the technical data in a simple, concise form is challenging and takes a bit of time for me.
- How did you approach the need to increase layers of security? What techniques or strategies would you use in the future to assess vulnerabilities and determine mitigation techniques?
To increase the layers of security, I suggested using strong encryption as well as keeping all software up-to-date to prevent any vulnerabilities. Another suggestion would be to use multiple algorithms to validate data and secure credential authentication.
- How did you ensure the code and software application were functional and secure? After refactoring code, how did you check to see whether you introduced new vulnerabilities?
To ensure the code and software application were functional and secure, I ran the application in HTTPS rather than HTTP to ensure all data communication was secure and showed up the way it should. After refactoring the code, I reran the application to ensure it worked and reran the dependency check to make sure that I did not accidentally introduce any new vulnerabilities.
- What resources, tools, or coding practices did you employ that you might find helpful in future assignments or tasks?
Resources that were helpful were the Spring Framework documentation, and the Apache Commons Codec documentation. There are also various tutorials and examples online to get a better understanding of implementation.
- Employers sometimes ask for examples of work that you have successfully completed to demonstrate your skills, knowledge, and experience. What from this particular assignment might you want to showcase to a future employer?
I would show the vulnerability reports, algorithm cypher, certificate, checksum verification, SHA hash, as well as the refactored code. This will show I can review code, run security checks for vulnerabilities, as well as secure a program with best practices.