Question

1. Interpreting Client Needs

Determine your client’s needs and potential threats and attacks associated with their application and software security requirements. Consider the following regarding how companies protect against external threats based on the scenario information:

• What is the value of secure communications to the company?
• Are there any international transactions that the company produces?
• Are there governmental restrictions about secure communications to consider?
• What external threats might be present now and in the immediate future?
• What are the “modernization” requirements that must be considered, such as the role of open source libraries and evolving web application technologies?

2. Areas of Security

Referring to the Vulnerability Assessment Process Flow Diagram, identify which areas of security are applicable to Artemis Financial’s software application. Justify your reasoning for why each area is relevant to the software application.

3. Manual Review

Continue working through the Vulnerability Assessment Process Flow Diagram. Identify all vulnerabilities in the code base by manually inspecting the code.

4. Static Testing

Run a dependency check on Artemis Financial’s software application to identify all security vulnerabilities in the code. Record the output from dependency check report. Include the following:

1. The names or vulnerability codes of the known vulnerabilities
2. A brief description and recommended solutions provided by the dependency check report
3. Attribution (if any) that documents how this vulnerability has been identified or documented previously

5. Mitigation Plan

After interpreting your results from the manual review and static testing, identify the steps to remedy the identified security vulnerabilities for Artemis Financial’s software application.

==========CUDE.java==========

package com.twk.restservice;

public class CRUD {
   private final String content;
private final String content2;

public CRUD(String content) {
this.content = content;
this.content2 = content;
}

public CRUD(String content1, String content2) {
this.content = content1;
this.content2 = content2;
}

public String getContent() {
return content;
}

public String getContent2() {
return content2;
}

}
=============CUDEController==========

package com.twk.restservice;

import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

@RestController

public class CRUDController {

@RequestMapping("/read")
public CRUD CRUD(@RequestParam(value="business_name") String name) {
DocData doc = new DocData();
  
return new CRUD(doc.toString());
}

}
=========customer.java=========

package com.twk.restservice;

public class customer {
   private int account_number;
int account_balance;

public int showInfo() {
//code to show customer information
   return this.account_number;
}

public void deposit(int a) {
account_balance = account_balance + a;
}
}
=======myDateTime.java========

package com.twk.restservice;

public class myDateTime {
   int mySecond;
   int myMinute;
   int myHour;
  
   int[] retrieveDateTime() {
       /* implement accessor method */
       return new int[3];
   }
  
   void setMyDateTime(int seconds, int minutes, int hour) {
       /* implement accessor method */
   }

}

===========RestServiceApplication.java=======

package com.twk.restservice;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

@SpringBootApplication
public class RestServiceApplication {

   public static void main(String[] args) {
       SpringApplication.run(RestServiceApplication.class, args);
   }

}
======DocDate.java=====

package com.twk.restservice;

import java.sql.*;

public class DocData {
private String id;

public DocData()
{
}

public String getId()
{
   return id;
}

public void read_document(String key, String value)
{
   /* implement read method */
   //Class.forName("com.mysql.jdbc.Driver");
   try {
           Connection con=DriverManager.getConnection(
           "jdbc:mysql://localhost:3306/test","root","root");
       } catch (SQLException e) {
           // TODO Auto-generated catch block
           e.printStackTrace();
       }
   //here test is database name, root is username and password
}   

}

======Greeting.java=====

package com.twk.restservice;

public class Greeting {
   private final long id;
   private final String content;

   public Greeting(long id, String content) {
       this.id = id;
       this.content = content;
   }

   public long getId() {
       return id;
   }

   public String getContent() {
       return content;
   }
}

======GreetingController.java=====

package com.twk.restservice;

import java.util.concurrent.atomic.AtomicLong;

import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class GreetingController {

   private static final String template = "Hello, %s!";
   private final AtomicLong counter = new AtomicLong();

   @GetMapping("/greeting")
   public Greeting greeting(@RequestParam(value = "name", defaultValue = "World") String name) {
       return new Greeting(counter.incrementAndGet(), String.format(template, name));
   }
  
}

Answer 1

Secure communication means the company is using the secure protocol and secure data communication technique to send and recieve the data between the server and client , secure communication ensures that there is no loss of data like the data is not being hampered by anyone in the middle of the communication and the trusted user gets it.

Company may produeces international transaction if someone access the data from their .

there are no governemnt restriction on secure communcation , even the government promotes the company to have a secure communication so as to protect the data and privacy of the user.

External threats llike the company data might get vulnerable to the attacker as the securitand hacker's ability are advanicng day by day and company needs to work on their security means.

modernization like the advancement in the security , web application that work in sand-boxed mode to ensure great security and company can also make use of open source library to add a layer of functionality to their program .