Write My Paper Button

WhatsApp Widget

SNHU CS Sofware Security Questions

Share this post on:

SNHU CS Sofware Security Questions – Description

CS 305 Module Two Written Assignment Guidelines and Rubric
Overview

Writing code is difficult. Writing secure code can be even more challenging. As the developer, it is your responsibility to write secure code. You’ll know if your code is secure when you manually search for and identify possible security vulnerabilities. Developing this skill is important because it becomes more challenging as the number of lines and complexity of your code increase.

Fortunately, as you learned in this module, you can follow a workflow. You can also use tools that are widely accepted in the field of software security and vulnerability assessments. By following the Vulnerability Assessment Process Flow Diagram (VAPFD), you can focus your manual code inspection and narrow your search for possible security vulnerabilities within your code.

Specifically in this assignment, you will:

Determine relevant areas of security for a software application.
Identify software security vulnerabilities by manually reviewing source code.
Identify potential mitigation techniques that have been used to mitigate against vulnerabilities associated with known exploits.
Scenario

You’re a senior software developer in a team of software developers. You’re responsible for a complex web application that uses Spring Framework. The team has been tasked with implementing an expressive command input function for the application. You are told the team is currently using Version 2.6.5 of the spring-data-rest-webmvc in Spring Framework. You also want to use the Spring Expression Language to accomplish the task.

If you are unfamiliar with Spring, learn about Spring Framework by watching the video and exploring the guides linked in the Supporting Materials section.

Directions

As the lead person on this application, you are responsible for ensuring that the code is secure. You’ll need to assess potential vulnerabilities in the code and create a mitigation plan for any existing vulnerabilities that the software development team must address.

To begin, see the Vulnerability Assessment Process Flow Diagram (VAPFD), linked in Supporting Materials, to help guide your code review and mitigation plan.

Specifically, you must address the following rubric criteria:

Areas of Security: Review the scenario and use what you know about the architecture of the web application to identify relevant areas of security that are applicable for a software application:
Decide which of the seven areas of security are relevant to assess from the first level of the VAPFD.
Document your findings for the software development team in the Module Two Written Assignment Template, linked in What to Submit.
Areas of Security Justification: Justify your reasoning for why each area of security is relevant to the software application.
Code Review Summary: Once you have identified the relevant areas of security to review from the first level of the VAPFD, work through the second level. At this stage, you should:
Manually inspect the code base provided to identify which vulnerabilities exist by uploading the Module Two Written Assignment Code Base, linked in Supporting Materials, as a new project into Eclipse.
Refer to the Uploading Files to Eclipse Desktop Version Tutorial, linked in Supporting Materials, for how to open the code base for review.
Document your findings for the software development team in the Module Two Written Assignment Template provided.
Mitigation Plan: Once you have manually inspected the code and identified the security vulnerabilities:
Describe potential mitigation techniques. For example, describe secure software designs that you could use to address the software security vulnerabilities you identified.
It may be helpful to refer to the Module Two Resources, including your textbook, the Secure Coding Guidelines for Java SE, the Common Vulnerabilities and Exposures (CVE) list, and the National Vulnerability Database.
Document your findings for the software development team in the Module Two Written Assignment Template provided. This plan will be used by the software development team to address all vulnerabilities in the code.
What to Submit

Submit a completed Module Two Written Assignment Template as a 1- to 2-page Microsoft Word document.

Supporting Materials

The following resources support your work on this assignment:

Video: What Is the Spring Framework Really All About? (10:44)

Reading: Spring Quickstart Guide

Reading: Building REST Services With Spring

Diagram: Vulnerability Assessment Process Flow Diagram

A text-only version is available: Vulnerability Assessment Process Flow Diagram Text-Only Version.

Code Base: Module Two Written Assignment Code Base

Tutorial: Uploading Files to Eclipse Desktop Version Tutorial

The post SNHU CS Sofware Security Questions first appeared on .

Share this post on:

Affordable and Dependable Platform for Your Academic Assignments

X