Project 2 for CS 305
-
Briefly summarize your client, Artemis Financial, and their software requirements. Who was the client? What issue did they want you to address?
I was approached by Artemis Financial because they wanted to make sure the data of their customers was as protected as possible. As cybersecurity is of vital importance to both a company and its customers, they needed a strong foundation for the system they currently use through the use of algorithm ciphers, SSL certificates, and up-to-date API dependencies.
-
What did you do particularly well in identifying their software security vulnerabilities? Why is it important to code securely? What value does software security add to a company’s overall wellbeing?
By utilizing penetration testing, I was able to accurately identify all vulnerabilities within the code base provided to me. This allowed me to take inventory of all of the security issues this system faced, and gave me the insight to provide the best solutions possible when securing the code.
-
What about the process of working through the vulnerability assessment did you find challenging or helpful?
It was helpful because it gave me a much bigger picture of what needed to be done; however, it was very challenging at first getting used to how everything worked. Figuring out what to scan and what not to scan when it came to the vulnerabilities of the dependencies being used was definitely a challenge. Stack Overflow was my best pal during this term.
-
How did you approach the need to increase layers of security? What techniques or strategies would you use in the future to assess vulnerabilities and determine mitigation techniques?
To provide maximum security, layered security implementation is essential. This is because you deploy multiple security controls that help protect the vulnerable aspects of the software and the system as a whole. It helps bolster the security of the system and provides a secure environment; this can be implemented through multi-factor authentication among other techniques.
-
How did you ensure the code and software application were functional and secure? After refactoring code, how did you check to see whether you introduced new vulnerabilities?
During the development process, code scanning tools were used to catch vulnerabilities that could have been used by the programming language used. To ensure that the final application was functional and secure, we did continuous updates of the code packages during the entire development process rather than waiting to conduct scans at the final process. For refactoring, I used to refactor before adding any new features, set clear timelines to avoid the last-minute rush, and finally, did numerous tests throughout the refactoring process.
-
What resources, tools, or coding practices did you employ that you might find helpful in future assignments or tasks?
Stack Overflow and learning the ins and outs of Eclipse helped a ton. Also, the class book that our readings were assigned from gave great insight as to how and why we do what we do.
-
Employers sometimes ask for examples of work that you have successfully completed to demonstrate your skills, knowledge, and experience. What from this particular assignment might you want to showcase to a future employer?
I would show them this project. All requirements were met and it showed a great use of the tools available to me. This project gave me the confidence needed to perform tests on code to make sure it is as secure as possible.