CS 305 Project One - Tolentino

School: Southern New Hampshire University
Course: 305
Subject: Information Systems
Date: Feb 20, 2024
Type: docx
Pages: 5
Uploaded by UltraCamelMaster345
Artemis Financial Vulnerability Assessment Report

Table of Contents

Artemis Financial Vulnerability Assessment Report
Document Revision History
Client
Instructions
Developer
1. Interpreting Client Needs
2. Areas of Security
3. Manual Review
4. Static Testing
5. Mitigation Plan
Document Revision History

Version  Date        Author             Comments
1.0      09-17-2023  Raphael Tolentino  Initial vulnerability assessment

Client

Instructions

Submit this completed vulnerability assessment report. Replace the bracketed text with the relevant information. In the report, identify your findings of security vulnerabilities and provide recommendations for the next steps to remedy the issues you have found.

· Respond to the five steps outlined below and include your findings.
· Respond using your own words. You may also choose to include images or supporting materials. If you include them, make certain to insert them in all the relevant locations in the document.
· Refer to the Project One Guidelines and Rubric for more detailed instructions about each section of the template.
Developer

Raphael Tolentino

1. Interpreting Client Needs

What is the value of secure communications to the company?

Since the company wants to offer financial services to its clients, secure communications is at the forefront of their considerations and is one of the most critical areas to make the project's deployment a success.

Does the company make any international transactions?

The company provides services around the world and supports transactions internationally.

Are there governmental restrictions about secure communications to consider?

There are multiple international standards, such as Sarbanes-Oxley and the ISO 2700 law, that must be complied with.

What external threats might be present now and in the immediate future?

There are multiple threats of DDoS, SQL injection, and malware attacks to consider. Additionally, identity theft is a security consideration given the nature of financial transactions. As AIs become more and more advanced, the risk of AIs that can reliably mimic a person's face and voice increases exponentially, and identity theft becomes easier.

What are the modernization requirements that you must consider? For example:

The role of open-source libraries: Open-source libraries give security analysts and developers access to cybersecurity tools without reinventing the wheel, enabling secure software development.

Evolving web application technologies: The company should consider cloud-based computing services for growth, scalability, and future expansion while keeping an eye on providers' security practices and cyber hygiene.

2. Areas of Security

Input Authentication: We should implement stringent controls on user inputs to prevent any potential SQL or HQL injection attacks. Additionally, we should ensure our code follows cybersecurity best practices such as query parameterization and whitelisting.

APIs: We should consider implementing input validation at the API level. Additionally, if the application calls for external accessibility, we will need to implement a RESTful API, and we should design our APIs to prevent any unexpected outside interference.

Client/Server Interaction: We need to ensure we are not leaking any PII in the HTTP requests made by our APIs.

Code QA: We need to ensure our development team is familiar with current security practices, and we need to perform a thorough review of critical areas of code such as API access and command input functions.

Data Encryption (Cryptography): We are bound by law to certain cybersecurity standards that require proper data access protocols. We need to ensure customer data is secure at all times, and one way to secure this data is to apply cryptography to user information.

3. Manual Review

Reviewing the code, there are three current major problems:

1) There is no user authentication in place, nor is there any use of cryptography to shield user data, even something as basic as hashing user login information.
2) The CRUD Controller class does not have the correct parameterized query in place for the business name.
3) The application currently does not use HTTPS when sending requests.

4. Static Testing

5. Mitigation Plan

[Insert text.]
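As an added illustration of finding 2 and the query-parameterization and whitelisting point from section 2 (example code written for this page, not from the report or the Artemis Financial project), the string-built business-name lookup beside its parameterized, allowlisted form, run against an in-memory SQLite table with constructed rows; the table, column and function names are assumptions.

```python
import re
import sqlite3

# Constructed sample rows standing in for the business table
# (example data, not the Artemis Financial project's own schema).
SAMPLE_BUSINESSES = [
    ("Acme Lending", "LN-1001"),
    ("Beacon Trust", "TR-2002"),
    ("Cobalt Credit", "CR-3003"),
]

# Allowlist for a business name: letters, digits, spaces and a few
# punctuation marks that real business names need, capped at 64 characters.
BUSINESS_NAME_RE = re.compile(r"[A-Za-z0-9 .,&'-]{1,64}")


def make_db():
    """Build an in-memory SQLite table holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE business (name TEXT, account TEXT)")
    conn.executemany("INSERT INTO business VALUES (?, ?)", SAMPLE_BUSINESSES)
    return conn


def find_business_vulnerable(conn, name):
    """Finding 2 as code: the name is pasted straight into the query text."""
    query = "SELECT name, account FROM business WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()


def find_business_safe(conn, name):
    """Hardened lookup: allowlist the value, then bind it as a parameter."""
    if not BUSINESS_NAME_RE.fullmatch(name):
        raise ValueError("business name rejected by allowlist")
    query = "SELECT name, account FROM business WHERE name = ?"
    return conn.execute(query, (name,)).fetchall()


def demo():
    """Return (rows leaked by the vulnerable lookup, rows from the safe one)."""
    conn = make_db()
    # This value passes the allowlist (only letters, quotes and spaces), so
    # binding, not the allowlist, is what keeps it inert: the driver sends it
    # as data, never as SQL.
    payload = "x' OR 'a' LIKE 'a"
    leaked = find_business_vulnerable(conn, payload)   # every row comes back
    safe = find_business_safe(conn, payload)           # no name equals that literal
    return leaked, safe
```

The allowlist still earns its place: it rejects characters such as `=` or `;` before they reach the query at all, which is the "whitelisting" half of the section 2 recommendation.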