Description Directions You are tasked with examining Artemis Financial’s web-based software appl ...

---

Description Directions You are tasked with examining Artemis Financial’s web-based software application by conducting a vulnerability assessment. Implementing what you have learned so far and using the supporting materials provided to assist you, review and analyze the security vulnerabilities specific to Artemis Financial’s web-based software application and document the following in the Vulnerability Assessment Report Template. Interpreting Client Needs: Review the scenario to determine your client’s needs and potential threats and attacks associated with their application and software security requirements. Document your findings in your Vulnerability Assessment Report. Consider the following regarding how companies protect against external threats based on the scenario information: What is the value of secure communications to the company? Are there any international transactions that the company produces? Are there governmental restrictions about secure communications to consider? What external threats might be present now and in the immediate future? What are the “modernization” requirements that must be considered, such as the role of open source libraries and evolving web application technologies? Areas of Security: Use what you’ve learned in Step 1 and refer to the Vulnerability Assessment Process Flow Diagram provided. Think about the functionality of the software application to identify which areas of security are applicable to Artemis Financial’s web application. Document your findings in your Vulnerability Assessment Report and justify your reasoning for why each area is relevant to the software application. *Please note: Not all seven areas of security identified in the Vulnerability Assessment Process Flow Diagram may be applicable for the company’s software application. Manual Review: Refer to the seven security areas outlined in the Vulnerability Assessment Process Flow Diagram. Use what you’ve learned in Steps 1 and 2 to guide your manual review. Identify all vulnerabilities in the code base by manually inspecting the code. Document your findings in your Vulnerability Assessment Report. Be sure to include a description identifying where the vulnerabilities are found (specific class file, if applicable). Static Testing: Integrate the dependency check plug-in into Maven by following the instructions outlined in the tutorial provided. Run a dependency check on Artemis Financial’s software application to identify all security vulnerabilities in the code. Specifically, record the following from the dependency check report in your Vulnerability Assessment Report: The names or vulnerability codes of the known vulnerabilities A brief description and recommended solutions provided by the dependency check report Attribution (if any) that documents how this vulnerability has been identified or documented previously Mitigation Plan: Interpret the results from the manual review and static testing report. Identify steps to remedy the identified security vulnerabilities by creating an action list that documents how to fix each vulnerability in your Vulnerability Assessment Report. 3 attachments Slide 1 of 3 attachment_1 attachment_1 attachment_2 attachment_2 attachment_3 attachment_3 UNFORMATTED ATTACHMENT PREVIEW CS 305 Project One Artemis Financial Vulnerability Assessment Report 1 Table of Contents Document Revision History....................................................................................................................... 3 Client ......................................................................................................................................................... 3 Instructions ............................................................................................................................................... 3 Developer .................................................................................................................................................. 4 1. Interpreting Client Needs ...................................................................................................................... 4 2. Areas of Security ................................................................................................................................... 4 3. Manual Review...................................................................................................................................... 5 4. Static Testing ......................................................................................................................................... 5 5. Mitigation Plan ...................................................................................................................................... 5 2 Document Revision History Version Date 1.0 Author Jeffrey Dominguez 7-17-2020 Comments Client Instructions Deliver this completed vulnerability assessment report, identifying your findings of security vulnerabilities and articulating recommendations for next steps to remedy the issues you have found. Respond to the five steps outlined below and include your findings. Replace the bracketed text on all pages with your own words. If you choose to include images or supporting materials, be sure to insert them throughout. 3 Developer [Insert your name here] 1. Interpreting Client Needs Determine your client’s needs and potential threats and attacks associated with their application and software security requirements. Consider the following regarding how companies protect against external threats based on the scenario information: • What is the value of secure communications to the company? The Value of secure communication to a company is increased customer confidence. Secure communications affect more than just office emails. It affects the privacy or your customers too. • Are there any international transactions that the company produces? Artemis Financials’ does have internal transactions due to it being a web-based company. The transactions are consisted of the buying and selling of stock to make money for client’s savings, retirement, and investments. • Are there governmental restrictions about secure communications to consider? There are many governmental restrictions about making communications secure especially when dealing with money, stocks, and retirements. However, currently there is a bill to add back doors into all American communications which will not only delete privacy, it will open the software to unwanted (non-American Government) from hacking into and stealing any private information and/or money. • What external threats might be present now and in the immediate future? The current threats we are facing now and, in the future, include rival companies, non-US governments. The hacker group anonymous. With this information, security is extremely important for the company and the protection of its users. • What are the “modernization” requirements that must be considered, such as the role of open source libraries and evolving web application technologies? The modernization requirements include being making the company completely web based and adding extra security. This includes advancements in security and making the web application that works in a sand-boxed mode to ensure great security. The company can take advantage of a open source library to add more layers of protection and functionality to their program. 2. Areas of Security Referring to the Vulnerability Assessment Process Flow Diagram, identify which areas of security are applicable to Artemis Financials’ software application. Justify your reasoning for why each area is relevant to the software application. [Include your findings here.] 3. Manual Review 4 Continue working through the Vulnerability Assessment Process Flow Diagram. Identify all vulnerabilities in the code base by manually inspecting the code. [Include your findings here.] 4. Static Testing Run a dependency check on Artemis Financials’ software application to identify all security vulnerabilities in the code. Record the output from dependency check report. Include the following: a. The names or vulnerability codes of the known vulnerabilities b. A brief description and recommended solutions provided by the dependency check report c. Attribution (if any) that documents how this vulnerability has been identified or documented previously [Include your findings here.] 5. Mitigation Plan After interpreting your results from the manual review and static testing, identify the steps to remedy the identified security vulnerabilities for Artemis Financials’ software application. [Include your findings here.] 5 Vulnerability Assessment Process Flow snhu Architecture Review Analyze Application Architecture Input Validation APIs Cryptography Client /Server Code Error Code Quality Encapsulation Secure Input and Representations Secure API Interactions Encryption Use and Vulnerabilities Secure Distributed Composing Secure Error Handling Secure Coding Practices / Patterns Secure Data Structures Architecture review and optional output from static testing will determine which manual code reviews are necessary Code Review Code Review Controllers Code Review Views Code Review Code Review Code Review Code Review APIS Models Data Access Services Plug-Ins Summary of findings with mitigation plan O Purchase answer to see full attachment Tags: accounting computer science software security international transactions financial transactions User generated content is uploaded by users for the purposes of learning and should be used following Studypool's honor code & terms of service.