<!DOCTYPE HTML>
<!--
Forty by HTML5 UP
html5up.net | @ajlkn
Free for personal and commercial use under the CCA 3.0 license (html5up.net/license)
-->
<html>
<head>
<title>Marianne Lyne Manaog</title>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=no" />
<link rel="stylesheet" href="assets/css/main.css" />
<noscript><link rel="stylesheet" href="assets/css/noscript.css" /></noscript>
</head>
<body class="is-preload">
<!-- Wrapper -->
<div id="wrapper">
<!-- Header -->
<!-- Note: The "styleN" class below should match that of the banner element. -->
<header id="header" class="alt style2">
<a href="index.html"><span>Marianne Lyne Manaog</span></a>
<nav>
<a href="#menu">Menu</a>
</nav>
</header>
<!-- Menu -->
<nav id="menu">
<ul class="links">
<li><a href="index.html">Home</a></li>
<li><a href="oois_module.html">OOIS module</a></li>
<li><a href="oois_reflections.html">Reflections - OOIS</a></li>
<li><a href="ns_module.html">NS module</a></li>
<li><a href="ns_reflections.html">Reflections - NS</a></li>
<li><a href="ssdcs_module.html">SSDCS module</a></li>
<li><a href="ssdcs_reflections.html">Reflections - SSDCS</a></li>
<li><a href="sepm_module.html">SEPM module</a></li>
<li><a href="sepm_reflections.html">Reflections - SEPM</a></li>
<li><a href="rmpp_module.html">RMPP module</a></li>
<li><a href="rmpp_reflections.html">Reflections - RMPP</a></li>
</ul>
</nav>
<!-- Banner -->
<!-- Note: The "styleN" class below should match that of the header element. -->
<section id="banner" class="style2">
<div class="inner">
<span class="image">
<img src="images/pic07.jpg" alt="" />
</span>
<header class="major">
<h1>Secure Software Development</h1>
</header>
<div class="content">
<p>Secure development methodologies in Software Development Life Cycle (SDLC) models, <br />
such as Agile and TOGAF.</p>
</div>
</div>
</section>
<!-- Main -->
<div id="main">
<!-- One -->
<section id="one">
<div class="inner">
<header class="major">
<h2>Lessons learnt and key outcomes</h2>
</header>
<p>By the units mentioned below, I understood the fundamentals of secure software development and critically assess its components and learn from case studies involving cryptographic failures to design secure, purpose-built, industry-grade, successful software systems adopting security-related principles, best practices, and methodologies. These techniques involved appropriate gathering of requirements, analysis, design, software implementation and testing for secure software development. Thereafter, I learnt to appreciate related architectural principles and leverage them in traditional and contemporary Software Development Life Cycle (SDLC) models, such as TOGAF and Agile, to build a secure, CRUD-functional internet forensics-related command line interface (CLI)-based application. Throughout these endeavours, I learnt how to design and develop secure software systems to streamline and inform business decisions involving handling personal data whilst adhering to data privacy regulations, such as the European Union (EU)’s General Data Protection Regulations (GDPR).</p>
</div>
</section>
<!-- Two -->
<section id="two" class="spotlights">
<section>
<a class="image">
<img src="https://cdn.pixabay.com/photo/2017/03/23/13/56/warning-2168379_960_720.png" alt="" data-position="top center" />
</a>
<div class="content">
<div class="inner">
<header class="major">
<h3>Unit 1: Introduction to Secure Software Development</h3>
</header>
<p>Management methodologies, such as Agile, and a risk-aware organisational culture were reviewed and considered to support modern software development, which are more suitable than waterfall for large-scale, dynamic, and user-centred development. The Unified Modelling Language (UML) was studied and leveraged to design software systems, starting with a UML flowchart, which I created as a part of the first collaborative discussion. You can access it by clicking 'LEARN MORE' below.</p>
<ul class="actions">
<li><a href="https://github.com/marianne-manaog/ssdcs-module-activities/blob/main/collaborative_discussions/Collab_discussion_unit_1.docx" target="_blank" rel="noopener noreferrer" class="button">Learn more</a></li>
</ul>
</div>
</div>
</section>
<section>
<a class="image">
<img src="https://cdn.pixabay.com/photo/2019/07/16/18/18/frontend-4342425_960_720.png" alt="" data-position="top center" />
</a>
<div class="content">
<div class="inner">
<header class="major">
<h3>Unit 2: UML Modelling to Support Secure System Planning</h3>
</header>
<p>UML modelling was studied in further detail and, along with relevant software security standards, such as the ISO/IEC ones, applied to support the design stage of the SDLC and create use case diagrams involving the high-level industry-relevant application considered, sequence diagrams to summarise the key steps involved in a workflow to be aided via software, activity diagrams detailing the main activities executed by a user, class diagrams displaying which classes are involved in the software system, along with their relationships and details on their attributes and methods. I also provided the following two peer responses on the collaborative discussion started in unit 1: <a href="https://github.com/marianne-manaog/ssdcs-module-activities/blob/main/collaborative_discussions/First_peer_response_unit_2.docx">the first peer response</a> and <a href="https://github.com/marianne-manaog/ssdcs-module-activities/blob/main/collaborative_discussions/Second_peer_response_unit_2.docx">the second peer response</a>. Furthermore, I wrote a blog post in response to the seminar question on the selection of five terms from the ISO/IEC Standard 27,000 Section 3 Terms and Definitions and how people can be managed to overcome cybersecurity attacks from the inside. You can access it by clicking ‘LEARN MORE’ below.</p>
<ul class="actions">
<li><a href="https://github.com/marianne-manaog/ssdcs-module-activities/blob/main/collaborative_discussions/Blog_post_unit_2.docx" class="button">Learn more</a></li>
</ul>
</div>
</div>
</section>
<section>
<a class="image">
<img src="https://cdn.pixabay.com/photo/2017/06/16/14/24/absorbed-2409314_960_720.png" alt="" data-position="25% 25%" />
</a>
<div class="content">
<div class="inner">
<header class="major">
<h3>Unit 3: Programming Languages: History, Concepts & Design</h3>
</header>
<p>In this unit, I studied the history, concepts, and design that led to the contemporary programming languages, such as Python, and the best practices and methods to overcome common security issues. Key programming languages-related concepts, in particular those focused on object-oriented programming (OOP), such as inheritance, polymorphism and abstraction, were investigated, along with their purposes and how to leverage these principles in Python. Common security challenges were reviewed and recommendations to mitigate them were provided. Relevant design patterns were reviewed, focusing on how they can help to design and implement more secure software systems. I provided my contribution to the team discussion on what a secure programming language is, with focus on Python programming and its comparison with C for creating operating systems, as per <a href="https://github.com/marianne-manaog/ssdcs-module-activities/blob/main/collaborative_discussions/Discussion%20on%20Secure%20Programming%20-%20Unit%203.docx">this post</a>. <a href="https://github.com/marianne-manaog/ssdcs-module-activities/tree/main/codio_activities">Programming-related activities</a> were carried out in Codio, including the evaluation of buffer overflows and leveraging linting tools, such as ‘pylint’, for automating code quality checks and building more standardised and secure software. I also wrote a summary post on the collaborative discussion started in unit 1, which can be accessed by clicking ‘LEARN MORE’ below.</p>
<ul class="actions">
<li><a href="https://github.com/marianne-manaog/ssdcs-module-activities/blob/main/collaborative_discussions/Summary_post_unit_3.docx" class="button">Learn more</a></li>
</ul>
</div>
</div>
</section>
<section>
<a class="image">
<img src="https://cdn.pixabay.com/photo/2021/09/13/22/03/code-6622549_960_720.png" alt="" data-position="top center" />
</a>
<div class="content">
<div class="inner">
<header class="major">
<h3>Unit 4: Exploring Programming Language Concepts</h3>
</header>
<p>This unit allowed me to assess pros and cons, and the impact of key programming concepts, such as regular expressions (RegEx) and recursion, on software systems’ functionality and security, as well as suggest the most suitable method tailored to the specific security requirements considered. I also had the chance to contribute to a discussion on RegEx, with focus on ReDoS and Evil RegEx, including the issues associated with the use of RegEx and appropriate strategies to mitigate them, as well as how RegEx can be leveraged as a part of a security solution. You can read my contribution by clicking ‘LEARN MORE’ below.</p>
<ul class="actions">
<li><a href="https://github.com/marianne-manaog/ssdcs-module-activities/blob/main/collaborative_discussions/Programming%20language%20concepts.docx" target="_blank" rel="noopener noreferrer" class="button">Learn more</a></li>
</ul>
</div>
</div>
</section>
<section>
<a class="image">
<img src="https://cdn.pixabay.com/photo/2021/03/05/05/12/man-6070329_960_720.png" alt="" data-position="top center" />
</a>
<div class="content">
<div class="inner">
<header class="major">
<h3>Unit 5: An Introduction to Testing</h3>
</header>
<p>This unit enabled me to learn and understand how to test software comprehensively, considering both its overall quality and security. The main industry-standard testing processes were leveraged, such as the OWASP and the ISO/IEC/IEEE ones. Tools in Python were explored and used for automating the testing process, including logical and stylistic linters, with focus on the security-related aspects. As a part of this unit and week, I had the opportunity to explore and discuss the relevance of cyclomatic complexity nowadays, which is considered in modules on testing the validity of the design of codes. You can access my post by clicking ‘LEARN MORE’ below.</p>
<ul class="actions">
<li><a href="https://github.com/marianne-manaog/ssdcs-module-activities/blob/main/collaborative_discussions/Exploring%20the%20Cyclomatic%20Complexity%20-%20Unit%205.docx" class="button">Learn more</a></li>
</ul>
</div>
</div>
</section>
<section>
<a class="image">
<img src="https://cdn.pixabay.com/photo/2018/04/06/21/55/lint-3297126_960_720.png" alt="" data-position="25% 25%" />
</a>
<div class="content">
<div class="inner">
<header class="major">
<h3>Unit 6: Using Linters to Support Python Testing</h3>
</header>
<p>During this unit, technologies available in Python for linting were explored to support the implementation of high-quality software. The rationale of using these tools was to ensure the development of high-quality and, correspondingly, secure codes. Their relevance to both development and testing was assessed and they were leveraged to aid both processes accordingly, including related <a href="https://github.com/marianne-manaog/ssdcs-module-activities/tree/main/codio_activities">programming-related activities</a> carried out on Codio. By the end of this unit, as a part of a team of colleagues/students, a design document was written on the proposed secure CRUD-functional RESTful API to aid the use case of internet forensics for the Dutch Police. You can access my team’s design document by clicking ‘LEARN MORE’ below.</p>
<ul class="actions">
<li><a href="https://github.com/marianne-manaog/ssdcs-module-activities/blob/main/assignment_design_document/Design%20Document_assignment_1.docx" class="button">Learn more</a></li>
</ul>
</div>
</div>
</section>
<section>
<a class="image">
<img src="https://cdn.pixabay.com/photo/2022/08/20/21/03/computer-7400013_960_720.png" alt="" data-position="top center" />
</a>
<div class="content">
<div class="inner">
<header class="major">
<h3>Unit 7: Introduction to Operating Systems</h3>
</header>
<p>In this unit, I had the chance to appreciate the relationships between operating systems (OS) and programming languages and software system’s security. As these interactions may require the user’s application to connect with and leverage software libraries, relevant security implications were investigated. During this unit’s activity, I had the opportunity to ponder on the meaning and definition of an ontology and how it pertains to a software system. You can read my responses by clicking ‘LEARN MORE’ below.</p>
<ul class="actions">
<li><a href="https://github.com/marianne-manaog/ssdcs-module-activities/blob/main/collaborative_discussions/Unit%207_activity.docx" target="_blank" rel="noopener noreferrer" class="button">Learn more</a></li>
</ul>
</div>
</div>
</section>
<section>
<a class="image">
<img src="https://cdn.pixabay.com/photo/2016/09/08/04/09/security-department-1653345_960_720.png" alt="" data-position="top center" />
</a>
<div class="content">
<div class="inner">
<header class="major">
<h3>Unit 8: Cryptography and Its Use in Operating Systems</h3>
</header>
<p>This unit allowed me to study and evaluate the principles, technology, and use of cryptography, how it is leveraged with operating systems, as well as explore and consume some common cryptographic libraries in Python. I had the chance to participate in the second collaborative discussion of the module, this time on a case study focused on “TrueCrypt”, which you can access by clicking ‘LEARN MORE’ below. This activity also involved the <a href="https://github.com/marianne-manaog/ssdcs-module-activities/blob/main/collaborative_discussions/Ontology_design_TrueCrypt.pptx">design of its ontology</a> considering the main security vulnerabilities and causes that may lead users to experience attacks exploiting them. Moreover, via <a href="https://github.com/marianne-manaog/ssdcs-module-activities/blob/main/collaborative_discussions/Seminar%20activity_unit_8.docx">this seminar activity</a>, I had the opportunity to discuss how GDPR regulations can be adhered to in software by design to mitigate data privacy- and security-related risks.</p>
<ul class="actions">
<li><a href="https://github.com/marianne-manaog/ssdcs-module-activities/blob/main/collaborative_discussions/Collaborative%20Discussion%202%20-%20Initial%20post_unit_8.docx" class="button">Learn more</a></li>
</ul>
</div>
</div>
</section>
<section>
<a class="image">
<img src="https://cdn.pixabay.com/photo/2018/08/18/13/26/interface-3614766_960_720.png" alt="" data-position="25% 25%" />
</a>
<div class="content">
<div class="inner">
<header class="major">
<h3>Unit 9: Developing an API for a Distributed Environment</h3>
</header>
<p>In this unit, I could learn and practise on how to create an application programming interface (API) via the Python library ‘Flask’ and experiment with creating/reading records into/from a relational, SQL database. In this instance, I had the chance to appreciate how security can be enforced to create software as per programming-related best practices that can be consumed by and is valuable to users. I also had the opportunity to review my peers’ posts on the second collaborative discussion and provide two peer responses accordingly with my feedback, which you can access by clicking ‘LEARN MORE’ below.</p>
<ul class="actions">
<li><a href="https://github.com/marianne-manaog/ssdcs-module-activities/blob/main/collaborative_discussions/Peer%20responses%20for%20the%20collaborative%20discussion%20in%20unit%209.docx" class="button">Learn more</a></li>
</ul>
</div>
</div>
</section>
<section>
<a class="image">
<img src="https://cdn.pixabay.com/photo/2021/03/16/20/08/big-data-6100853_960_720.png" alt="" data-position="top center" />
</a>
<div class="content">
<div class="inner">
<header class="major">
<h3>Unit 10: From Distributed Computing to Microarchitectures</h3>
</header>
<p>The main software systems’ architectures, from monolithic deployments to microservices, virtualisation, and containers, were analysed and, considering more distributed ways of operating, further methods to ensure security were explored. Such techniques mainly considered the importance of adequate encryption, such as distributing encryption keys, as well as evaluated the specific attacks to virtualised environments. I also provided a summary post to conclude the second collaborative discussion, which you can read by clicking ‘LEARN MORE’ below. Furthermore, <a href="https://github.com/marianne-manaog/ssdcs-module-activities/blob/main/collaborative_discussions/Unit_10_faceted_data_activity.docx">faceted data</a> were considered as an approach to protect systems from data leakage, as well as their pros and cons.</p>
<ul class="actions">
<li><a href="https://github.com/marianne-manaog/ssdcs-module-activities/blob/main/collaborative_discussions/Summary_post_unit_10.docx" target="_blank" rel="noopener noreferrer" class="button">Learn more</a></li>
</ul>
</div>
</div>
</section>
<section>
<a class="image">
<img src="https://cdn.pixabay.com/photo/2020/07/10/05/16/binary-5389555_960_720.png" alt="" data-position="top center" />
</a>
<div class="content">
<div class="inner">
<header class="major">
<h3>Unit 11: Future trends in Secure Software Development</h3>
</header>
<p>Trends and advances in secure software development were reviewed within both academic research and industry, such as Fog Computing, the Internet of Things, and Cyber Physical Systems, encompassing several areas, from design to implementation, programming languages and operating systems. The security issues associated with the aforementioned systems were considered and strategies to mitigate them were investigated. The Tanenbaum-Torvalds debate on whether microservices and microkernels are the future was discussed and I provided my views on it in <a href="https://github.com/marianne-manaog/ssdcs-module-activities/blob/main/collaborative_discussions/Unit%2011%20%E2%80%93%20Debate%20on%20Microservices%20and%20Microkernels.docx">this post</a>. As a part of a team, in the repository that can be accessed by clicking ‘LEARN MORE’ below, I was one of the main contributors developing a secure CRUD-functional CLI-based application, implementing CLI-based entry points to perform CRUD operations, a centralised global logger to ensure full application’s auditability and monitoring, extensive user inputs’ validation along with appropriate exception handling and logging, multi-threading to enable parallelisation of the requests thus allowing two or further concurrent users to consume it, automated code quality checks and linting, unit and integration testing of the main applications’ functionalities, including CRUD operations, encryption, and user inputs’ validation. Furthermore, I had created a conda virtual environment for us to work on the same environment in Python with the same dependencies, as well as scanned them to understand if they had any security vulnerabilities and created a Python package out of our application that can be installed via pip. I was also the main reviewer of my team members’ pull requests, aiming to achieve a high-quality and secure software as per the assignment’s specifications.</p>
<ul class="actions">
<li><a href="https://github.com/emesdav/team-separation-of-duties" class="button">Learn more</a></li>
</ul>
</div>
</div>
</section>
<section>
<a class="image">
<img src="https://cdn.pixabay.com/photo/2017/01/31/15/33/linux-2025130_960_720.png" alt="" data-position="25% 25%" />
</a>
<div class="content">
<div class="inner">
<header class="major">
<h3>Unit 12: The Great Tanenbaum-Torvalds Debate Revisited</h3>
</header>
<p>In this unit, I had the chance to revisit the Great Tanenbaum-Torvalds Debate, thus reviewing further articles on monoliths, microkernels, and microservices, as well as exploring additional advances in secure software development. As a part of this unit, I also submitted this e-Portfolio for consideration.</p>
</div>
</div>
</section>
<section>
<a class="image">
<img src="https://cdn.pixabay.com/photo/2017/08/06/12/06/people-2591874_960_720.jpg" alt="" data-position="top center" />
</a>
<div class="content">
<div class="inner">
<header class="major">
<h3>Reflections on Secure Software Development, this module, and own self-development</h3>
</header>
<p>In this reflective piece, I summarised what I learnt on Secure Software Development in this module, the work I carried out throughout it, and their impact on my personal and professional development. Click ‘LEARN MORE’ below to read it.</p>
<ul class="actions">
<li><a href="ssdcs_reflections.html" class="button">Learn more</a></li>
</ul>
</div>
</div>
</section>
</section>
</div>
<!-- Contact -->
<section id="contact">
<div class="inner">
<section>
<form method="post" action="#">
<div class="fields">
<div class="field half">
<label for="name">Name</label>
<input type="text" name="name" id="name" />
</div>
<div class="field half">
<label for="email">Email</label>
<input type="text" name="email" id="email" />
</div>
<div class="field">
<label for="message">Message</label>
<textarea name="message" id="message" rows="6"></textarea>
</div>
</div>
<ul class="actions">
<li><input type="submit" value="Send Message" class="primary" /></li>
<li><input type="reset" value="Clear" /></li>
</ul>
</form>
</section>
<section class="split">
<section>
<div class="contact-method">
<span class="icon solid alt fa-envelope"></span>
<h3>Email</h3>
<a href="#">marianne.manaog@ieee.org</a>
</div>
</section>
</section>
</div>
</section>
<!-- Footer -->
<footer id="footer">
<div class="inner">
<ul class="icons">
<li><a href="https://github.com/marianne-manaog" class="icon brands alt fa-github"><span class="label">GitHub</span></a></li>
<li><a href="https://www.linkedin.com/in/marianne-lyne-m/" class="icon brands alt fa-linkedin-in"><span class="label">LinkedIn</span></a></li>
</ul>
<ul class="copyright">
<li>© Marianne Lyne Manaog</li><li>Design: <a href="https://html5up.net">HTML5 UP</a></li>
</ul>
</div>
</footer>
</div>
<!-- Scripts -->
<script src="assets/js/jquery.min.js"></script>
<script src="assets/js/jquery.scrolly.min.js"></script>
<script src="assets/js/jquery.scrollex.min.js"></script>
<script src="assets/js/browser.min.js"></script>
<script src="assets/js/breakpoints.min.js"></script>
<script src="assets/js/util.js"></script>
<script src="assets/js/main.js"></script>
</body>
</html>