TVChatten/CS305-SoftwareSecurity

CS305-SoftwareSecurity

Briefly summarize your client, Artemis Financial, and their software requirements. Who was the client? What issue did they want you to address?
Artemis Financial is a consulting firm that develops individualized financial plans for their customers. They wanted us to develop their web application and to also make it secure enough to deal with sensitive personal and financial data.


What did you do very well when you found your client’s software security vulnerabilities? Why is it important to code securely? What value does software security add to a company’s overall wellbeing?
What I believe I did well was identifying the current vulnerabilities and identifying the false positives based on what came up within the NIST database. Secure coding is important as it helps in preventing data theft and helps protect the company’s reputation when it comes to integrity and reliability.

What part of the vulnerability assessment was challenging or helpful to you?
Learning how to incorporate a suppression list was really helpful to me.


How did you increase layers of security? In the future, what would you use to assess vulnerabilities and decide which mitigation techniques to use?
I increased layers of security by generating a secure certificate that expires within a year. In the future, penetration testing should be involved to better assess vulnerabilities.

How did you make certain the code and software application were functional and secure? After refactoring the code, how did you check to see whether you introduced new vulnerabilities?
I made sure that certain code and software applications were functional and secure by re-running the dependency check, especially after new dependencies were added. Re-running is good after establishing a suppression list.

What resources, tools, or coding practices did you use that might be helpful in future assignments or tasks?
The tool I used that would be helpful is definitely the OWASP Eclipse plugin. Not only will this help me with future assignments/tasks, but this also actually helped me get promoted within my job.


Employers sometimes ask for examples of work that you have successfully completed to show your skills, knowledge, and experience. What might you show future employers from this assignment?
I've actually shown the vulnerability assessment report to a coworker of mine while we were discussing his team using Tenable and how they compare and contrast.
