Competencies

In this project, you will demonstrate your mastery of the following competencies:

Write secure communications through the application of current encryption technologies and techniques

Design and implement code that complies with software security testing protocols

• Scenario
• You work as a developer for a software engineering company, Global Rain, that specializes in custom software design and development. The software is for entrepreneurs, businesses, and government agencies around the world. Part of the company’s mission is that “Security is everyone’s responsibility.” Global Rain has promoted you to their new agile scrum team.

At Global Rain, you work with a client, Artemis Financial, a consulting company that develops individualized financial plans for their customers. The financial plans include savings, retirement, investments, and insurance.

Artemis Financial wants to modernize their operations. As a crucial part of the success of their custom software, they also want to use the most current and effective software security. Artemis Financial has a public web interface. They are seeking Global Rain’s expertise about how to protect their client data and financial information.

Specifically, Artemis Financial wants to add a file verification step to their web application to ensure secure communications. When the web application is used to transfer data, they will need a data verification step in the form of a checksum. You must take their current software application and add secure communication mechanisms to meet their software security requirements. You’ll deliver a production quality integrated application that includes secure coding protocols.

Directions

You must examine Artemis Financial’s software to address any security vulnerabilities. This will require you to refactor the Project Two Code Base, linked in the Supporting Materials section, to add functionality to meet software security requirements for Artemis Financial’s application. Specifically, you’ll need to follow the steps outlined below to facilitate your findings, address and remedy all areas, and use the Project Two Template, linked in What to Submit, to document your work for your practices for secure software report. You will also submit zipped files that contain the refactored code.

Algorithm Cipher: Recommend an appropriate encryption algorithm cipher to deploy, given the security vulnerabilities, and justify your reasoning. Review the scenario and the supporting materials to support your recommendation. In your practices for secure software report, be sure to address the following:

Provide a brief, high-level overview of the encryption algorithm cipher.

Discuss the hash functions and bit levels of the cipher.

Explain the use of random numbers, symmetric versus non-symmetric keys, and so on.

1. Describe the history and current state of encryption algorithms.

Certificate Generation: Generate appropriate self-signed certificates using the Java Keytool in Eclipse.

To demonstrate that the certificate was correctly generated:

1. Export your certificates (CER file).
2. Submit a screenshot of the CER file in your practices for secure software report.
3. Deploy Cipher: Deploy and implement the cryptographic hash algorithm by refactoring code. Demonstrate functionality with a checksum verification.
4. Submit a screenshot of the checksum verification in your practices for secure software report. The screenshot must show your name and a unique data string that has been created.
5. Secure Communications: Verify secure communication. In the application. properties file, refactor the code to convert HTTP to the HTTPS protocol. Compile and run the refactored code. Then once the server is running, type https://localhost:8443/hash in a new browser to demonstrate that the secure communication works successfully.

Create a screenshot of the web browser that shows a secure webpage and include it in your practices for secure software report.

Secondary Testing: Run a secondary static testing of the refactored code using the OWASP Dependency-Check Maven (see Supporting Materials) to ensure code complies with software security enhancements. You need to focus on only the code you have added as part of the refactoring. Complete the dependency check and review the output to ensure you did not introduce additional security vulnerabilities. Include the following in your practices for secure software report:

1. A screenshot of the refactored code executed without errors

A screenshot of the report of the output from the dependency-check static tester

1. Functional Testing: Identify the software application’s syntactical, logical, and security vulnerabilities by manually reviewing code.
2. Complete this functional testing and include a screenshot of the refactored code, executed without errors, in your practices for secure software report.
3. What if I receive errors or new vulnerabilities?
   You will need to iterate on your design and refactored code, address vulnerabilities, and retest until no new vulnerabilities are found.

Summary: Discuss how the code has been refactored and how it complies with security testing protocols. In the summary of your practices for secure software report, be sure to address the following:

Refer to the Vulnerability Assessment Process Flow Diagram. Highlight the areas of security that you addressed by refactoring the code.

1. Discuss your process for adding layers of security to the software application.
2. Industry Standard Best Practices: Explain how you applied industry standard best practices for secure coding to mitigate against known security vulnerabilities. Be sure to address the following:

Explain how you used industry standard best practices to maintain the software application’s current security.

Explain the value of applying industry standard best practices for secure coding to the company’s overall wellbeing.