Question

In: Computer Science

1. Interpreting Client Needs

Determine your client’s needs and potential threats and attacks associated with their application and software security requirements. Consider the following regarding how companies protect against external threats based on the scenario information:

  • What is the value of secure communications to the company?
  • Are there any international transactions that the company produces?
  • Are there governmental restrictions about secure communications to consider?
  • What external threats might be present now and in the immediate future?
  • What are the “modernization” requirements that must be considered, such as the role of open source libraries and evolving web application technologies?

2. Areas of Security

Referring to the Vulnerability Assessment Process Flow Diagram, identify which areas of security are applicable to Artemis Financial’s software application. Justify your reasoning for why each area is relevant to the software application.

3. Manual Review

Continue working through the Vulnerability Assessment Process Flow Diagram. Identify all vulnerabilities in the code base by manually inspecting the code.

4. Static Testing

Run a dependency check on Artemis Financial’s software application to identify all security vulnerabilities in the code. Record the output from the dependency check report. Include the following:

  1. The names or vulnerability codes of the known vulnerabilities
  2. A brief description and recommended solutions provided by the dependency check report
  3. Attribution (if any) that documents how this vulnerability has been identified or documented previously

5. Mitigation Plan

After interpreting your results from the manual review and static testing, identify the steps to remedy the identified security vulnerabilities for Artemis Financial’s software application.

==========CRUD.java==========

package com.twk.restservice;

public class CRUD {
   private final String content;
   private final String content2;

   public CRUD(String content) {
       this.content = content;
       this.content2 = content;
   }

   public CRUD(String content1, String content2) {
       this.content = content1;
       this.content2 = content2;
   }

   public String getContent() {
       return content;
   }

   public String getContent2() {
       return content2;
   }

}
=============CRUDController==========

package com.twk.restservice;

import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class CRUDController {

   @RequestMapping("/read")
   public CRUD CRUD(@RequestParam(value="business_name") String name) {
       DocData doc = new DocData();

       return new CRUD(doc.toString());
   }

}
=========customer.java=========

package com.twk.restservice;

public class customer {
   private int account_number;
   int account_balance;

   public int showInfo() {
       //code to show customer information
       return this.account_number;
   }

   public void deposit(int a) {
       account_balance = account_balance + a;
   }
}
=======myDateTime.java========

package com.twk.restservice;

public class myDateTime {
   int mySecond;
   int myMinute;
   int myHour;
  
   int[] retrieveDateTime() {
       /* implement accessor method */
       return new int[3];
   }
  
   void setMyDateTime(int seconds, int minutes, int hour) {
       /* implement accessor method */
   }

}

===========RestServiceApplication.java=======

package com.twk.restservice;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

@SpringBootApplication
public class RestServiceApplication {

   public static void main(String[] args) {
       SpringApplication.run(RestServiceApplication.class, args);
   }

}
======DocData.java=====

package com.twk.restservice;

import java.sql.*;

public class DocData {
   private String id;

   public DocData() {
   }

   public String getId() {
       return id;
   }

   public void read_document(String key, String value) {
       /* implement read method */
       //Class.forName("com.mysql.jdbc.Driver");
       try {
           Connection con = DriverManager.getConnection(
               "jdbc:mysql://localhost:3306/test", "root", "root");
       } catch (SQLException e) {
           // TODO Auto-generated catch block
           e.printStackTrace();
       }
       //here test is database name, root is username and password
   }

}

======Greeting.java=====

package com.twk.restservice;

public class Greeting {
   private final long id;
   private final String content;

   public Greeting(long id, String content) {
       this.id = id;
       this.content = content;
   }

   public long getId() {
       return id;
   }

   public String getContent() {
       return content;
   }
}

======GreetingController.java=====

package com.twk.restservice;

import java.util.concurrent.atomic.AtomicLong;

import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class GreetingController {

   private static final String template = "Hello, %s!";
   private final AtomicLong counter = new AtomicLong();

   @GetMapping("/greeting")
   public Greeting greeting(@RequestParam(value = "name", defaultValue = "World") String name) {
       return new Greeting(counter.incrementAndGet(), String.format(template, name));
   }
  
}

Solutions

Expert Solution

Secure communication means the company is using a secure protocol and secure data communication techniques to send and receive data between the server and client. Secure communication ensures that there is no loss of data, like the data is not being hampered by anyone in the middle of the communication, and that the trusted user gets it.

The company may produce international transactions if someone accesses the data from their .

There are no government restrictions on secure communication; even the government promotes the company to have secure communication so as to protect the data and privacy of the user.

External threats like the company data might get vulnerable to the attacker, as the security and hackers' ability are advancing day by day, and the company needs to work on their security means.

Modernization like the advancement in security, web applications that work in sandboxed mode to ensure great security, and the company can also make use of open source libraries to add a layer of functionality to their program.
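
A hardened form of the `DocData.read_document` method from the question, as an added example that is not part of the original post or the answer above: the posted method compiles the `root`/`root` credentials into the class, never closes its connection and prints stack traces. The `documents` table, its column names and the `DB_URL`, `DB_USER` and `DB_PASSWORD` environment variables are assumptions, since the page shows no schema or deployment configuration.

```java
package com.twk.restservice;

import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;

public class DocData {
    private static final Logger LOG = Logger.getLogger(DocData.class.getName());
    // Hypothetical column names: the page does not show the database schema.
    private static final Set<String> SEARCHABLE = Set.of("business_name", "id");
    private String id;

    public String getId() { return id; }

    public void read_document(String key, String value) {
        // Column names cannot be bound as parameters, so allowlist the key.
        if (!SEARCHABLE.contains(key)) {
            throw new IllegalArgumentException("unsupported search key");
        }
        // Assumed environment variables for a low-privilege account, not root.
        // DB_URL can request TLS, e.g. ...?sslMode=VERIFY_IDENTITY (Connector/J 8).
        String url = System.getenv("DB_URL");
        String user = System.getenv("DB_USER");
        String pass = System.getenv("DB_PASSWORD");
        String sql = "SELECT id FROM documents WHERE " + key + " = ?";
        // try-with-resources closes the connection, statement and result set.
        try (Connection con = DriverManager.getConnection(url, user, pass);
             PreparedStatement ps = con.prepareStatement(sql)) {
            ps.setString(1, value); // the value is bound, never concatenated
            try (ResultSet rs = ps.executeQuery()) {
                id = rs.next() ? rs.getString("id") : null;
            }
        } catch (SQLException e) {
            // Log the detail server-side; callers get a generic failure.
            LOG.log(Level.SEVERE, "document lookup failed", e);
            throw new IllegalStateException("document lookup failed");
        }
    }
}
```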

