- GitHub repo - Courtney
- Threat Model - Courtney
- Research on tools - Courtney
- Research on libraries-
- Research on database - Michael
- Java method planning - Michael
- Incident Response Plan
- 2MFA - Michael
- Libraries and tool documentation
- Research on database options
- Review Attack Surface
- Dynamic Analysis Tools: JUnit and JaCoCo, review and document
- Security Review
- Added static code analysis to project
- Worked on adding database to application
- Implemented Encryption, Decryption, Salt, and Hashing to methods
- Implemented methods for interacting with the database
- Set up base for project
- Created CLI app
- Code coverage library
- Unit testing library
- Static and Dynamic Testing
- Incident Response Plan
- Final Security Review
- Added checkstyle fixes to methods
- Added Javadoc comments to methods
- Added more features into the CLI
Either download the jar file from the release page, or clone the repo and compile the Main class in the ics427 directory found in src>main>java.
Enter java -jar ics427.jar login
into the command line to log in to the project. Follow the prompts afterward.
If this is your first time using the app, you need to create a login. To do this, use the -c flag like this: java -jar ics427.jar login -c.
- MICHAEL CHUN:
- Trying to make sure the methods were easy to integrate by other team members was time-consuming and difficult
- This project really emphasized that a lot of planning needs to be done to both ensure security is accounted for and planning for integration purposes
- Learning how to work with both SQLite and all the different encryption methods and libraries was helpful, but difficult
- Learning about all the different ways to encrypt, hash, and protect your data was very helpful when approaching future projects
- I wish I could take more time to implement other secure features to help make it more functional as well as more secure. Things like changing master login passwords, en/decrypting the usernames as well, and finding a way to encrypt the entire database in an unintrusive way.
- I'm proud I was able to successfully learn how to create secure database practices and use salting/hashing/encryption/decryption/etc.
- TREY YASUNAGA:
- Just setting up the file structure to get the project to run with all the dependencies was quite challenging.
- Did not know you could generate a database from a jar file
- Generating the secure database was pretty cool
- It would be nice to add more commands, but I don't know what else would be handy to have.
- COURTNEY DAVIS:
- I learned all sorts of things about coding
- This is the first time I've used GitHub! I will use it in future projects. I'm actually going to use GitHub to import a vulnerability into a box for a DOD cyber games project.
- I learned A LOT about secure coding practices that will help me in my future career as a cybersecurity specialist.
- Mike and Trey were great partners to have for this project.
- DISCLAIMER:
- Your passwords are your responsibility. If something goes wrong and your credentials are lost, it is on you.