Analysis of advanced security concepts and development of secure code that complies with security testing protocols.

shanshee/Software-Security

Software-Security

Briefly summarize your client, Artemis Financial, and their software requirements. Who was the client? What issue did they want you to address?

Artemis Financial is a consulting firm specializing in crafting tailored financial plans for clients. The client wants to update their operations and enhance the security of their web-based software application. The primary concern for the client was pinpointing and resolving any security weaknesses within their application. They also want to guarantee protection against external threats and maintain the confidentiality of their customers' financial information.

What did you do very well when you found your client’s software security vulnerabilities? Why is it important to code securely? What value does software security add to a company’s overall wellbeing?

When conducting the vulnerability assessment for Artemis Financial's software application, I was able to identify and document the security vulnerabilities effectively. I conducted a comprehensive manual review of the codebase, identifying specific class files where vulnerabilities were found. Additionally, I integrated the dependency-check plug-in into Maven and ran a static test to identify security vulnerabilities in the codebase. I documented all the vulnerabilities found, including their names or codes, descriptions, recommended solutions, and any relevant attribution. Software security adds significant value to a company's overall wellbeing. It establishes trust and confidence among clients, customers, and stakeholders by demonstrating a commitment to protecting their data and privacy.

What part of the vulnerability assessment was challenging or helpful to you?

Conducting a manual inspection of the codebase to find security flaws was one difficult part of the vulnerability assessment. Understanding the operation of the program and any potential security threats was essential for this procedure. It required closely examining the code, spotting vulnerabilities, and examining potential attack routes. It was a time-consuming task that required accuracy and knowledge of secure coding procedures.

How did you increase layers of security? In the future, what would you use to assess vulnerabilities and decide which mitigation techniques to use?

I conducted a manual review of the codebase to identify potential security vulnerabilities specific to the application, and by identifying these vulnerabilities, I could recommend code changes and security best practices to mitigate the risks. I also utilized static testing with the help of the dependency-check plug-in. By running a static analysis on the codebase and its dependencies, I could identify known vulnerabilities and security weaknesses. This provided insights into potential areas of concern that required immediate attention.

How did you make certain the code and software application were functional and secure? After refactoring the code, how did you check to see whether you introduced new vulnerabilities?

In order to guarantee the functionality and security of the code and software application, I conducted extensive testing, including functional and security testing, to ensure the application behaved as expected and met requirements, while also identifying any vulnerabilities in its security controls. I made sure the code complied with security guidelines and best practices. To ensure that the refactoring did not inadvertently break any existing security controls or introduce vulnerabilities in previously secure areas, I conducted regression testing. This involved retesting the previously secure functionality and verifying that the security measures remained effective.

What resources, tools, or coding practices did you use that might be helpful in future assignments or tasks?

I used static code analysis tools such as the dependency-check plug-in for Maven to identify security vulnerabilities in the codebase. These tools can be valuable in future assignments for automated vulnerability scanning and code analysis.
