Question
Overview
In this assignment, you'll conduct a dependency check, a type of static testing that detects vulnerabilities associated with library dependencies needed for the application. Static testing lets you identify vulnerabilities in the code without executing the code. In this assignment, you'll do the following:
Identify software security vulnerabilities by running code through a static tester.
Identify potential mitigation techniques that have been used to mitigate against vulnerabilities associated with known exploits.
Scenario
You're a senior software developer on a team of software developers. The team is responsible for a large web application that uses Spring Framework.
The software development team discussed the vulnerabilities in the code base from your manual code review. The team plans to mitigate against the vulnerabilities. The team also supports a new functionality that requires the addition of a new library. A best practice for ensuring secure code is to use a dependency check to check the refactored code base and the additional library. There are tools to help with dependency checks. You'll integrate a dependency-check tool into your vulnerability assessment workflow.
Directions
To begin, open the Module Two Coding Assignment Code Base, linked in the Supporting Materials section, in Eclipse. Refer to the Uploading Files to Eclipse Desktop Version Tutorial, linked in the Supporting Materials section, for testing the code base in Eclipse. Then integrate the Maven Dependency-Check Plugin for the code base.
Please note: Integrating the static testing tool was a non-graded task that you should have completed in the previous module. You may have already completed these steps.
Follow the instructions in the Integrating the Maven Dependency-Check Plugin Tutorial, linked in Supporting Materials, to learn how to integrate the dependency-check plugin into Maven and run it for conducting static testing. Use the instructions in the tutorial to identify the software security vulnerabilities, and document them in the Module Two Coding Assignment Template, linked in What to Submit.
Specifically, you must address the following rubric criteria:
Run the dependency check on the code base. Include a screenshot of the resulting HTML report in your Module Two Coding Assignment Template. Make certain the screenshot includes the scan information at the top of the dependency-check report.
Document the results from the dependency check. In your Module Two Coding Assignment Template, make certain to include the codes and descriptions of each dependency that you found.
Analyze the results to identify the best solutions for addressing dependencies in the code base. Summarize your findings in your Module Two Coding Assignment Template. You can refer to industry standard guidelines such as the Common Vulnerabilities and Exposures (CVE) and the National Vulnerability Database (NVD), both linked in Supporting Materials.
Also consider why you should filter false positives from the dependency-check tool. Discuss this in the Module Two Coding Assignment Template.
To learn about the dependencies and interpret the results from the report, click on each dependency listed as shown below.
[Image: Dependency-check report. A box outlines the dependency header and an example link to the dependency description.]
Information about the dependency description, its severity, and potential solutions will also be available from the NVD. You can access this information by clicking on the matching Common Platform Enumeration (CPE), then selecting the Vulnerability ID.
[Image: Dependency-check report. A box outlines the CPE header and an example link to the CPE description.]
[Image: Search results on the National Vulnerability Database website. A box outlines the Vuln ID header and an example link to the Vulnerability ID description.]
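One way to wire the OWASP Dependency-Check Maven plugin into the build described in the Directions, shown as an added example that is not part of the assignment, the course tutorial, or the OWASP project's own files. The project coordinates, the plugin version, the CVSS fail threshold and the suppression file path are assumptions to adjust for your code base:

```xml
<!-- Added example (not from the assignment or the course tutorial): a pom.xml
     that runs OWASP Dependency-Check during "mvn verify".
     Assumptions: the groupId/artifactId, the plugin version, the CVSS threshold
     and the suppression file path are placeholders for your own project. -->
<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <groupId>com.example</groupId>                <!-- placeholder coordinates -->
  <artifactId>module-two-webapp</artifactId>
  <version>1.0-SNAPSHOT</version>

  <properties>
    <!-- Assumption: pin this to the plugin release your tutorial specifies. -->
    <dependency-check.version>9.2.0</dependency-check.version>
  </properties>

  <build>
    <plugins>
      <plugin>
        <groupId>org.owasp</groupId>
        <artifactId>dependency-check-maven</artifactId>
        <version>${dependency-check.version}</version>
        <configuration>
          <!-- Produce the HTML report the assignment asks you to screenshot;
               it is written to target/dependency-check-report.html -->
          <format>HTML</format>
          <!-- Fail the build when any finding scores CVSS 7.0 or higher, so
               high and critical dependency issues cannot reach a release. -->
          <failBuildOnCVSS>7</failBuildOnCVSS>
          <!-- Reviewed false positives are recorded here rather than ignored
               ad hoc, so every suppression is visible in code review. -->
          <suppressionFiles>
            <suppressionFile>${project.basedir}/dependency-check-suppressions.xml</suppressionFile>
          </suppressionFiles>
        </configuration>
        <executions>
          <execution>
            <goals>
              <goal>check</goal>   <!-- bound to the verify phase by default -->
            </goals>
          </execution>
        </executions>
      </plugin>
    </plugins>
  </build>
</project>
```

Run `mvn verify` (or `mvn org.owasp:dependency-check-maven:check` to run only the scan) and open the HTML report under `target/`. The first run downloads the NVD data feed, which takes a while; later runs only fetch updates. The suppression file referenced above is a separate XML document whose root is `<suppressions>`, with one `<suppress>` element per reviewed finding: a `<notes>` element recording why the match is a false positive (for example, the CPE matched a differently named product) and a `<cve>` or `<cpe>` element naming what to suppress, optionally scoped with a `<packageUrl>` so the entry only applies to the one library you analyzed. Keeping the justification in `<notes>` is what makes filtering false positives defensible when the report is reviewed later.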