SNHU CS Software Security Questions
ANSWER
- Understanding the Scenario:
  - Familiarize yourself with the scenario provided, which involves being a senior software developer responsible for a web application using Spring Framework.
- Learn About Spring Framework:
  - If you are unfamiliar with Spring, watch the provided video and explore the Spring Framework guides linked in the Supporting Materials section. This will help you understand the technology stack you’re working with.
- Identify Relevant Areas of Security:
  - Review the scenario and the architecture of the web application.
  - Decide which of the seven areas of security mentioned in the Vulnerability Assessment Process Flow Diagram (VAPFD) are relevant to assess for this software application. These areas might include authentication, authorization, data encryption, input validation, etc.
  - Document your findings in the Module Two Written Assignment Template.
- Justify Your Choices:
  - Provide reasoning for why you selected each area of security. Explain why these areas are relevant to the specific software application you’re assessing.
- Code Review:
  - Manually inspect the provided code base. You can upload the Module Two Written Assignment Code Base into Eclipse as a new project for review. Refer to the provided tutorial on how to do this.
  - Document your findings as you review the code. Identify any security vulnerabilities you discover.
- Mitigation Plan:
  - Once you’ve identified security vulnerabilities in the code, describe potential mitigation techniques. This could involve suggesting secure software design patterns, coding practices, or security libraries that can be used to address the identified vulnerabilities.
  - You may refer to the Module Two Resources, including your textbook, Secure Coding Guidelines for Java SE, the Common Vulnerabilities and Exposures (CVE) list, and the National Vulnerability Database for guidance.
  - Document your mitigation plan in the Module Two Written Assignment Template. This plan will guide the software development team in addressing the identified vulnerabilities.
- Submission:
  - Compile all your findings, justifications, and the mitigation plan in a 1- to 2-page Microsoft Word document using the provided Module Two Written Assignment Template.
  - Make sure to submit this document as your assignment.
Remember to follow the Vulnerability Assessment Process Flow Diagram (VAPFD) to structure your assessment and ensure that you cover all the necessary steps. This assignment will help you develop essential skills in identifying and mitigating security vulnerabilities in software applications.
QUESTION
Description
CS 305 Module Two Written Assignment Guidelines and Rubric
Overview
Writing code is difficult. Writing secure code can be even more challenging. As the developer, it is your responsibility to write secure code. You’ll know if your code is secure when you manually search for and identify possible security vulnerabilities. Developing this skill is important because it becomes more challenging as the number of lines and complexity of your code increase.
Fortunately, as you learned in this module, you can follow a workflow. You can also use tools that are widely accepted in the field of software security and vulnerability assessments. By following the Vulnerability Assessment Process Flow Diagram (VAPFD), you can focus your manual code inspection and narrow your search for possible security vulnerabilities within your code.
Specifically in this assignment, you will:
- Determine relevant areas of security for a software application.
- Identify software security vulnerabilities by manually reviewing source code.
- Identify potential mitigation techniques that have been used to mitigate against vulnerabilities associated with known exploits.
Scenario
You’re a senior software developer in a team of software developers. You’re responsible for a complex web application that uses Spring Framework. The team has been tasked with implementing an expressive command input function for the application. You are told the team is currently using Version 2.6.5 of the spring-data-rest-webmvc in Spring Framework. You also want to use the Spring Expression Language to accomplish the task.
If you are unfamiliar with Spring, learn about Spring Framework by watching the video and exploring the guides linked in the Supporting Materials section.
Directions
As the lead person on this application, you are responsible for ensuring that the code is secure. You’ll need to assess potential vulnerabilities in the code and create a mitigation plan for any existing vulnerabilities that the software development team must address.
To begin, see the Vulnerability Assessment Process Flow Diagram (VAPFD), linked in Supporting Materials, to help guide your code review and mitigation plan.
Specifically, you must address the following rubric criteria:
- Areas of Security: Review the scenario and use what you know about the architecture of the web application to identify relevant areas of security that are applicable for a software application:
  - Decide which of the seven areas of security are relevant to assess from the first level of the VAPFD.
  - Document your findings for the software development team in the Module Two Written Assignment Template, linked in What to Submit.
- Areas of Security Justification: Justify your reasoning for why each area of security is relevant to the software application.
- Code Review Summary: Once you have identified the relevant areas of security to review from the first level of the VAPFD, work through the second level. At this stage, you should:
  - Manually inspect the code base provided to identify which vulnerabilities exist by uploading the Module Two Written Assignment Code Base, linked in Supporting Materials, as a new project into Eclipse.
  - Refer to the Uploading Files to Eclipse Desktop Version Tutorial, linked in Supporting Materials, for how to open the code base for review.
  - Document your findings for the software development team in the Module Two Written Assignment Template provided.
- Mitigation Plan: Once you have manually inspected the code and identified the security vulnerabilities:
  - Describe potential mitigation techniques. For example, describe secure software designs that you could use to address the software security vulnerabilities you identified.
  - It may be helpful to refer to the Module Two Resources, including your textbook, the Secure Coding Guidelines for Java SE, the Common Vulnerabilities and Exposures (CVE) list, and the National Vulnerability Database.
  - Document your findings for the software development team in the Module Two Written Assignment Template provided. This plan will be used by the software development team to address all vulnerabilities in the code.
What to Submit
Submit a completed Module Two Written Assignment Template as a 1- to 2-page Microsoft Word document.
Supporting Materials
The following resources support your work on this assignment:
Video: What Is the Spring Framework Really All About? (10:44)
Reading: Spring Quickstart Guide
Reading: Building REST Services With Spring
Diagram: Vulnerability Assessment Process Flow Diagram
- A text-only version is available: Vulnerability Assessment Process Flow Diagram Text-Only Version.
Code Base: Module Two Written Assignment Code Base
Tutorial: Uploading Files to Eclipse Desktop Version Tutorial