Advanced Security Concepts Applied To Develop Secure Code

taylorstapus/Software-Security

This repository includes 2 projects with their respective Word document templates that highlight specific steps completed within the projects.

Project 1:

  • Described potential security threats and attacks
  • Used the vulnerability assessment process flow diagram to identify which areas of security apply
  • Identified all security vulnerabilities
  • Integrated the dependency-check plug-in into Maven and ran the code through the static test
  • Interpreted test results and created an action list to resolve the issues

Project 2:

  • Recommended and described an encryption algorithm cipher to deploy
  • Generated a self-signed certificate using Java Keytool
  • Implemented the cryptographic hash algorithm with a checksum verification
  • Used the Maven dependency to run a dependency check report to list code vulnerabilities
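
One way to implement the checksum verification step listed above, shown as an added example that is not code from this repository. The class name `ChecksumDemo`, the choice of SHA-256 and the sample message are assumptions, since the README does not name the algorithm or the data being hashed.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HexFormat; // requires Java 17 or later

// Hypothetical class name; not taken from the repository.
public class ChecksumDemo {

    // Assumption: SHA-256. The README does not say which hash algorithm was used.
    private static final String ALGORITHM = "SHA-256";

    // Hash the raw bytes with the configured algorithm.
    static byte[] digest(byte[] data) throws NoSuchAlgorithmException {
        return MessageDigest.getInstance(ALGORITHM).digest(data);
    }

    // Checksum in the lowercase hex form usually published next to a download.
    static String checksumHex(byte[] data) throws NoSuchAlgorithmException {
        return HexFormat.of().formatHex(digest(data));
    }

    // Returns true only when the data hashes to the expected checksum.
    static boolean verify(byte[] data, String expectedHex) throws NoSuchAlgorithmException {
        byte[] expected;
        try {
            // Compare decoded bytes, not strings, so letter case and stray
            // whitespace in the published value cannot cause a false mismatch.
            expected = HexFormat.of().parseHex(expectedHex.trim());
        } catch (IllegalArgumentException e) {
            return false; // malformed checksum (odd length, non-hex): reject
        }
        // MessageDigest.isEqual also handles a length mismatch safely.
        return MessageDigest.isEqual(digest(data), expected);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input for the demonstration.
        byte[] message = "Hello World Check Sum!".getBytes(StandardCharsets.UTF_8);
        String published = checksumHex(message);
        System.out.println(ALGORITHM + " checksum: " + published);

        // One changed byte must fail verification.
        byte[] tampered = message.clone();
        tampered[0] ^= 0x01;

        System.out.println("original verifies: " + verify(message, published));
        System.out.println("tampered verifies: " + verify(tampered, published));
        System.out.println("malformed checksum verifies: " + verify(message, "not-hex"));
    }
}
```

A checksum only proves integrity when the expected value reaches the verifier over a channel an attacker cannot also modify, which is where the certificate from the previous step comes in.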

Personal Evaluation: An area of these projects that I believe I did well in was creating a dependency check through Maven and making sure a proper report is created. Dependency-Check is a Software Composition Analysis (SCA) tool that attempts to detect publicly disclosed vulnerabilities contained within a project’s dependencies. It does this by determining if there is a Common Platform Enumeration (CPE) identifier for a given dependency. I know how to review the report and detect false positives. I can also create a suppression file to hide false positives from the reports. I excelled in creating a self-signed certificate using Java Keytool with the purpose of validating that the identity of the message author is accurate, that the message was not altered during transmission, and that the transferred message has been sent and received by the parties claiming to have shipped and accepted it. I struggled with creating a checksum verification that provides a secure hash link. I believe I did well with implementing a RestController and RequestMapping but failed in proper execution.

Final Thoughts: By prioritizing cybersecurity, organizations can mitigate the risk of data breaches, financial losses and reputational damage. Whether you're an individual or an organization, understanding the importance of cybersecurity is fundamental to navigating the threat landscape safely and securely. Running a dependency check after adding new security measures is essential to make sure no new vulnerabilities were added. Following industry best practices helps prevent more security issues.
