Answered step by step
Verified Expert Solution
Link Copied!

Question

1 Approved Answer

Overview In this assignment, you ll conduct a dependency check, a type of static testing that detects vulnerabilities associated with library dependencies needed for the

Overview
In this assignment, youll conduct a dependency check, a type of static testing that detects vulnerabilities associated with library dependencies needed for the application. Static testing lets you identify vulnerabilities in the code without executing the code. In this assignment, youll do the following:
Identify software security vulnerabilities by running code through a static tester.
Identify potential mitigation techniques that have been used to mitigate against vulnerabilities associated with known exploits.
Scenario
Youre a senior software developer on a team of software developers. The team is responsible for a large web application that uses Spring Framework.
The software development team discussed the vulnerabilities in the code base from your manual code review. The team plans to mitigate against the vulnerabilities. The team also supports a new functionality that requires the addition of a new library. A best practice for ensuring secure code is to use a dependency check to check the refactored code base and the additional library. There are tools to help with dependency checks. Youll integrate a dependency-check tool into your vulnerability assessment workflow.
Directions
To begin, open the Module Two Coding Assignment Code Base, linked in the Supporting Materials section, in Eclipse. Refer to the Uploading Files to Eclipse Desktop Version Tutorial, linked in the Supporting Materials section, for testing the code base in Eclipse. Then integrate the Maven Dependency-Check Plugin for the code base.
Please note: Integrating the static testing tool was a non-graded task that you should have completed in the previous module. You may have already completed these steps.
Follow the instructions in the Integrating the Maven Dependency-Check Plugin Tutorial, linked in Supporting Materials, to learn how to integrate and run the dependency-check plugin into Maven for conducting static testing. Use the instructions in the tutorial to identify the software security vulnerabilities, and document in the Module Two Coding Assignment Template, linked in What to Submit.
Specifically, you must address the following rubric criteria:
Run the dependency check on the code base. Include a screenshot of the resulting HTML report in your Module Two Coding Assignment Template. Make certain the screenshot includes the scan information at the top of the dependency-check report.
Document the results from the dependency check. In your Module Two Coding Assignment Template, make certain to include the codes and descriptions of each dependency that you found.
Analyze the results to identify the best solutions for addressing dependencies in the code base. Summarize your findings in your Module Two Coding Assignment Template. You can refer to industry standard guidelines such as the Common Vulnerabilities and Exposures (CVE) and the National Vulnerability Database (NVD), both linked in Supporting Materials.
Also consider why you should filter false positives from the dependency-check tool
Discuss this in the Module Two Coding Assignment Template.
To learn about the dependencies and interpret the results from the report, click on each dependency listed as shown below.
Dependency check report. A box outlines the dependency header and an example link to the dependency description.
Information about the dependency description, its severity, and potential solutions will also be available from the NVD. You can access this information by clicking on the matching Common Platform Enumeration (CPE), then selecting the Vulnerability ID.
Dependency check report. A box outlines the CPE header and an example link to the CPE description.
Search Results on the National Vulnerability Database website. A box outlines the Vuln ID header and an example link to the Vulnerability ID description.

Step by Step Solution

There are 3 Steps involved in it

Step: 1

blur-text-image

Get Instant Access to Expert-Tailored Solutions

See step-by-step solutions with expert insights and AI powered tools for academic success

Step: 2

blur-text-image_2

Step: 3

blur-text-image_3

Ace Your Homework with AI

Get the answers you need in no time with our AI-driven, step-by-step assistance

Get Started

Recommended Textbook for

Data Infrastructure For Medical Research In Databases

Authors: Thomas Heinis ,Anastasia Ailamaki

1st Edition

1680833480, 978-1680833485

More Books

Students also viewed these Databases questions

Question

Distinguish between association and cardinality.

Answered: 1 week ago

Question

6. Conclude with the same strength as in the introduction

Answered: 1 week ago

Question

7. Prepare an effective outline

Answered: 1 week ago