Competencies
Write secure communications through the application of current encryption technologies and techniques
Design and implement code that complies with software security testing protocols
Artemis Financial wants to modernize their operations. As a crucial part of the success of their custom software, they also want to use the most current and effective software security. Artemis Financial has a public web interface. They are seeking Global Rain’s expertise about how to protect their client data and financial information.
Specifically, Artemis Financial wants to add a file verification step to their web application to ensure secure communications. When the web application is used to transfer data, they will need a data verification step in the form of a checksum. You must take their current software application and add secure communication mechanisms to meet their software security requirements. You’ll deliver a production quality integrated application that includes secure coding protocols.
Directions
You must examine Artemis Financial’s software to address any security vulnerabilities. This will require you to refactor the Project Two Code Base, linked in the Supporting Materials section, to add functionality to meet software security requirements for Artemis Financial’s application. Specifically, you’ll need to follow the steps outlined below to facilitate your findings, address and remedy all areas, and use the Project Two Template, linked in What to Submit, to document your work for your practices for secure software report. You will also submit zipped files that contain the refactored code.
Algorithm Cipher: Recommend an appropriate encryption algorithm cipher to deploy, given the security vulnerabilities, and justify your reasoning. Review the scenario and the supporting materials to support your recommendation. In your practices for secure software report, be sure to address the following:
Discuss the hash functions and bit levels of the cipher.
Explain the use of random numbers, symmetric versus non-symmetric keys, and so on.
Certificate Generation:Generate appropriate self-signed certificates using the Java Keytool in Eclipse.
To demonstrate that the certificate was correctly generated:
Create a screenshot of the web browser that shows a secure webpage and include it in your practices for secure software report.
Secondary Testing: Run a secondary static testing of the refactored code using the OWASP Dependency-Check Maven (see Supporting Materials) to ensure code complies with software security enhancements. You need to focus on only the code you have added as part of the refactoring. Complete the dependency check and review the output to ensure you did not introduce additional security vulnerabilities. Include the following in your practices for secure software report:
A screenshot of the report of the output from the dependency-check static tester
What if I receive errors or new vulnerabilities?You will need to iterate on your design and refactored code, address vulnerabilities, and retest until no new vulnerabilities are found.
Summary:Discuss how the code has been refactored and how it complies with security testing protocols. In the summary of your practices for secure software report, be sure to address the following:
Refer to the Vulnerability Assessment Process Flow Diagram. Highlight the areas of security that you addressed by refactoring the code.
Explain how you used industry standard best practices to maintain the software application’s current security.
Explain the value of applying industry standard best practices for secure coding to the company’s overall wellbeing.
