
Question

Writing code is difficult. Writing secure code can be even more challenging. As the developer, you are responsible for writing secure code. You'll know your code is secure when you manually search for and identify possible security vulnerabilities. Developing this skill is important because it becomes more challenging as the number of lines and complexity of your code increase.
As you learned in this module, you can follow a workflow. You can also use tools widely accepted in software security and vulnerability assessments. You can focus your manual code inspection and narrow your search for possible security vulnerabilities within your code by following the vulnerability assessment process flow diagram.
Specifically, in this assignment, you will complete the following actions:
Determine relevant areas of security for a software application.
Identify software security vulnerabilities by manually reviewing source code.
Identify potential mitigation techniques that have been used to mitigate vulnerabilities associated with known exploits.
Scenario
You are a senior software developer on a team of software developers. You are responsible for a complex web application that uses the Spring framework. The team has been tasked with implementing an expressive command input function for the application. The team is using version 2.6.5 of the spring-data-rest-webmvc in the Spring framework. You also want to use the Spring Expression Language to accomplish the task.
Review the resources in this module's Resources section to learn about the Spring framework.
Directions
As the lead person on this application, you are responsible for making certain that the code is secure. You will need to assess potential vulnerabilities in the code and create a mitigation plan for any existing vulnerabilities that the software development team must address.
To begin, see the vulnerability assessment process flow diagram linked in the Supporting Materials section to help guide your code review and mitigation plan.
Specifically, you must address the following rubric criteria:
Areas of Security: Review the scenario and use what you know about the architecture of the web application to identify relevant areas of security that are applicable for a software application:
Provide sufficient detail to address which of the seven areas of security are relevant to assess from the first level of the vulnerability assessment process flow diagram.
Document your findings for the software development team in the Module Two Written Assignment Template linked in the What to Submit section.
Areas of Security Justification: Provide a justification and rationale for why each area of security is relevant to the software application.
Code Review Summary: Once you have identified the relevant areas of security to review from the first level of the vulnerability assessment process flow diagram, work through the second level. At this stage, you should complete the following actions:
Manually inspect the code base provided to identify which vulnerabilities exist. To do this, upload the Module Two Written Assignment Code Base linked in the Supporting Materials section as a new project into Eclipse.
Refer to the Uploading Files to Eclipse Desktop Version Tutorial linked in the Supporting Materials section to learn how to open the code base for review.
Document your findings in detail for the software development team in the Module Two Written Assignment Template.
Mitigation Plan: Once you have manually inspected the code and identified the security vulnerabilities, complete the following actions:
Describe potential mitigation techniques. For example, describe secure software designs that you could use to address the software security vulnerabilities you identified.
Refer to the Module Two Resources section for help with this response.
Document your findings for the software development team in the Module Two Written Assignment Template. The software development team will use this plan to address all vulnerabilities in the code.
