CS 305 Project Two Practices for Secure Software Report - Tolentino

pdf

School

Southern New Hampshire University *

*We aren’t endorsed by this school

Course

305

Subject

Computer Science

Date

Feb 20, 2024

Type

pdf

Pages

9

Uploaded by UltraCamelMaster345

Report
1 CS 305 Project Two Practices for Secure Software Report
2 Table of Contents D OCUMENT R EVISION H ISTORY ............................................................................................................................ 3 C LIENT .............................................................................................................................................................. 3 I NSTRUCTIONS ................................................................................................................................................... 3 D EVELOPER ....................................................................................................................................................... 4 1. A LGORITHM C IPHER ........................................................................................................................................ 4 2. C ERTIFICATE G ENERATION ................................................................................................................................ 4 3. D EPLOY C IPHER .............................................................................................................................................. 5 4. S ECURE C OMMUNICATIONS ............................................................................................................................. 5 5. S ECONDARY T ESTING ...................................................................................................................................... 5 6. F UNCTIONAL T ESTING ..................................................................................................................................... 7 7. S UMMARY ..................................................................................................................................................... 8
3 Document Revision History Version Date Author Comments 1.0 10/14/2023 Raphael Tolentino Client Instructions Deliver this completed Practices for Secure Software Report documenting your process for writing secure communications and refactoring code that complies with software security testing protocols. Respond to the steps outlined below and replace the bracketed text with your findings in your own words. If you choose to include images or supporting materials, be sure to insert them throughout.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help
4 Developer Raphael Tolentino 1. Algorithm Cipher Determine an appropriate encryption algorithm cipher to deploy given the security vulnerabilities, justifying your reasoning. Be sure to address the following: Provide a brief, high-level overview of the encryption algorithm cipher. Discuss the hash functions and bit levels of the cipher. Explain the use of random numbers, symmetric vs non-symmetric keys, and so on. Describe the history and current state of encryption algorithms. Artemis Financial needs an encryption algorithm recommendation to encrypt long-term data storage for archive files. Assuming our vulnerability lies in adversaries accessing these files, we need to encrypt them using the most practical and the highest level of security whilst maintaining performance. Thus, I recommend the SHA-256 algorithm cipher, which uses 256-bit keys, or the length of the key, to encrypt said files which provides an incredibly robust resistance against multiple avenues of attacks. Furthermore, since we are storing these files in Artemis's secure database for long-term storage, there is no need for asymmetric keys. Symmetrical keys have the advantage of speed since it only requires one identical key for both encryption and decryption. But it lacks security, unlike its counterpart, asymmetric encryption means there are two sets of keys, one public key for encryption and another private key for decryption, making it more difficult to attack but also decreases its speed. Lastly, before we begin encrypting, we will also use the hash function SHA-256 to verify data integrity via our checksum verification. 2. Certificate Generation Insert a screenshot below of the CER file
5 3. Deploy Cipher Insert a screenshot below of the checksum verification 4. Secure Communications Insert a screenshot below of the web browser that shows a secure webpage. 5. Secondary Testing Insert screenshots below of the refactored code executed without errors and the dependency-check report.
6
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help
7 6. Functional Testing Insert a screenshot below of the refactored code executed without errors.
8 7. Summary Discuss how the code has been refactored and how it complies with security testing protocols. Be sure to address the following: Refer to the Vulnerability Assessment Process Flow Diagram and highlight the areas of security that you addressed by refactoring the code. Discuss your process for adding layers of security to the software application and the value that security adds to the company’s overall we llbeing. Point out best practices for maintaining the current security of the software application to your customer. When refactoring the code, I have added a secure RestController to the application to serve as the secure controller for the hash RESTful endpoint. This SslServerController class addresses the secure coding concern in the Vulnerability Assessment Diagram and fulfills that concern. I have chosen to use SHA-256 as the hashing cipher for this function using the MessageDigest and Bouncy Castle API to create the hash function, keeping the code minimal and streamlined. I have updated the Maven dependency checker from 5.3.0 to 8.4.0 in the pom.xml to ensure accurate and up-to-date vulnerability reports. I would recommend that the dependency checker is run at least once or twice per month to check for new vulnerabilities discovered and rectified to maintain the current security of the application. Additionally, ensuring updated plug-ins in the pom.xml configuration will ensure the latest vulnerability threats can be reviewed and remedied. 8. Industry Standard Best Practices
9 I first started a manual review of the code to assess inherit code vulnerabilities and ensure the code meets the client’s needs and any mandatory regulation. After reviewing the code, I found that it did not have a certificate to use HTTPS protocol, so I first created a self-signed certificate to enable the HTTPS protocol. After creating a self-signed certificate using the RSA cipher with 2048 bits, I reviewed the hashing algorithm used to verify data integrity. Since there was none, I had to create an algorithm using the SHA-256 cipher and verify by performing a checksum verification. Then, I reviewed the pom.xml configuration and found that I needed to update the Maven dependency check plug-in from 5.3.0 to 8.4.0 to ensure the most accurate and up-to-date vulnerability report can be pulled. After doing that, I reviewed the dependency report and found that there are several dependencies that could be updated to the latest version to ensure maximum security. Following the industry standard can serve as a checklist to ensure our assessments are thorough and provide the client with peace of mind. Additionally, it will streamline our analysis, saving us time.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help

Related Documents

CS 230 Project Software Design - Tolentino Project 2.docx
CS 305 Module Two Coding Assignment - Tolentino.docx
CS 305 Module Two Written Assignment Tolentino.docx
Module 4-2 Pseudocode.docx
CS319 Module 2 - Interview and Personas.docx
CS319 Module 5-3 Data Prioritization.docx
Color, Sounds, and Motion.docx
Guided Practice - Network Security.docx
Tenhagen_7-2_Activity.docx
Project Phase 3_ VLANs and IoT.docx
Project - Connecting to the Internet (1).docx
Assignment4.docx
Recommended textbooks for you
Text book image
Fundamentals of Information Systems
Computer Science
ISBN:9781337097536
Author:Ralph Stair, George Reynolds
Publisher:Cengage Learning
Text book image
Principles of Information Systems (MindTap Course...
Computer Science
ISBN:9781285867168
Author:Ralph Stair, George Reynolds
Publisher:Cengage Learning
Text book image
Enhanced Discovering Computers 2017 (Shelly Cashm...
Computer Science
ISBN:9781305657458
Author:Misty E. Vermaat, Susan L. Sebok, Steven M. Freund, Mark Frydenberg, Jennifer T. Campbell
Publisher:Cengage Learning
Text book image
A+ Guide To It Technical Support
Computer Science
ISBN:9780357108291
Author:ANDREWS, Jean.
Publisher:Cengage,
Text book image
Fundamentals of Information Systems
Computer Science
ISBN:9781305082168
Author:Ralph Stair, George Reynolds
Publisher:Cengage Learning
Text book image
Principles of Information Security (MindTap Cours...
Computer Science
ISBN:9781337102063
Author:Michael E. Whitman, Herbert J. Mattord
Publisher:Cengage Learning
SEE MORE TEXTBOOKS
Recommended textbooks for you
Text book image
Fundamentals of Information Systems
Computer Science
ISBN:9781337097536
Author:Ralph Stair, George Reynolds
Publisher:Cengage Learning
Text book image
Principles of Information Systems (MindTap Course...
Computer Science
ISBN:9781285867168
Author:Ralph Stair, George Reynolds
Publisher:Cengage Learning
Text book image
Enhanced Discovering Computers 2017 (Shelly Cashm...
Computer Science
ISBN:9781305657458
Author:Misty E. Vermaat, Susan L. Sebok, Steven M. Freund, Mark Frydenberg, Jennifer T. Campbell
Publisher:Cengage Learning
Text book image
A+ Guide To It Technical Support
Computer Science
ISBN:9780357108291
Author:ANDREWS, Jean.
Publisher:Cengage,
Text book image
Fundamentals of Information Systems
Computer Science
ISBN:9781305082168
Author:Ralph Stair, George Reynolds
Publisher:Cengage Learning
Text book image
Principles of Information Security (MindTap Cours...
Computer Science
ISBN:9781337102063
Author:Michael E. Whitman, Herbert J. Mattord
Publisher:Cengage Learning
SEE MORE TEXTBOOKS