1. Interpreting Client Needs
Determine your client’s needs and potential threats and attacks associated with their application and software security requirements. Consider the following regarding how companies protect against external threats based on the scenario information:
2. Areas of Security
Referring to the Vulnerability Assessment Process Flow Diagram, identify which areas of security are applicable to Artemis Financial’s software application. Justify your reasoning for why each area is relevant to the software application.
3. Manual Review
Continue working through the Vulnerability Assessment Process Flow Diagram. Identify all vulnerabilities in the code base by manually inspecting the code.
4. Static Testing
Run a dependency check on Artemis Financial’s software application to identify all security vulnerabilities in the code. Record the output from the dependency check report. Include the following:
5. Mitigation Plan
After interpreting your results from the manual review and static testing, identify the steps to remedy the identified security vulnerabilities for Artemis Financial’s software application.
==========CUDE.java==========
package com.twk.restservice;
public class CRUD {
private final String content;
private final String content2;
public CRUD(String content) {
this.content = content;
this.content2 = content;
}
public CRUD(String content1, String content2) {
this.content = content1;
this.content2 = content2;
}
public String getContent() {
return content;
}
public String getContent2() {
return content2;
}
}
=============CUDEController==========
package com.twk.restservice;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
@RestController
public class CRUDController {
@RequestMapping("/read")
public CRUD CRUD(@RequestParam(value="business_name") String name)
{
DocData doc = new DocData();
return new CRUD(doc.toString());
}
}
=========customer.java=========
package com.twk.restservice;
public class customer {
private int account_number;
int account_balance;
public int showInfo() {
//code to show customer information
return this.account_number;
}
public void deposit(int a) {
account_balance = account_balance + a;
}
}
=======myDateTime.java========
package com.twk.restservice;
public class myDateTime {
int mySecond;
int myMinute;
int myHour;
int[] retrieveDateTime() {
/* implement accessor method
*/
return new int[3];
}
void setMyDateTime(int seconds, int minutes, int hour)
{
/* implement accessor method
*/
}
}
===========RestServiceApplication.java=======
package com.twk.restservice;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
@SpringBootApplication
public class RestServiceApplication {
public static void main(String[] args) {
SpringApplication.run(RestServiceApplication.class, args);
}
}
======DocDate.java=====
package com.twk.restservice;
import java.sql.*;
public class DocData {
private String id;
public DocData()
{
}
public String getId()
{
return id;
}
public void read_document(String key, String value)
{
/* implement read method */
//Class.forName("com.mysql.jdbc.Driver");
try {
Connection con = DriverManager.getConnection("jdbc:mysql://localhost:3306/test","root","root");
} catch (SQLException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
//here test is database name, root is username and password
}
}
======Greeting.java=====
package com.twk.restservice;
public class Greeting {
private final long id;
private final String content;
public Greeting(long id, String content) {
this.id = id;
this.content = content;
}
public long getId() {
return id;
}
public String getContent() {
return content;
}
}
======GreetingController.java=====
package com.twk.restservice;
import java.util.concurrent.atomic.AtomicLong;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
@RestController
public class GreetingController {
private static final String template = "Hello, %s!";
private final AtomicLong counter = new AtomicLong();
@GetMapping("/greeting")
public Greeting greeting(@RequestParam(value = "name", defaultValue = "World") String name) {
return new Greeting(counter.incrementAndGet(), String.format(template, name));
}
}
Secure communication means the company is using the secure protocol and secure data communication technique to send and receive the data between the server and client. Secure communication ensures that there is no loss of data, like the data is not being hampered by anyone in the middle of the communication and the trusted user gets it.
Company may produce international transactions if someone accesses the data from their .
There are no government restrictions on secure communication; even the government promotes the company to have a secure communication so as to protect the data and privacy of the user.
External threats, like the company data might get vulnerable to the attacker as the security and hackers' abilities are advancing day by day, and the company needs to work on their security means.
Modernization, like the advancement in the security, web applications that work in sand-boxed mode to ensure great security, and the company can also make use of open source libraries to add a layer of functionality to their program.
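
One way to remedy the hard-coded `root`/`root` login, the unclosed connection and the printed stack trace visible in `DocData.read_document` above, shown as an added example that is not part of the original question or answer. The class name `SecureDocData`, the `documents` table and its columns, and the `DOC_DB_*` environment variables are assumptions; the `sslMode=VERIFY_IDENTITY` URL option assumes MySQL Connector/J 8.

```java
package com.twk.restservice;

import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Set;

// Added example: hardened variant of DocData. The "documents" table, its columns
// and the DOC_DB_* environment variables are assumptions, not the original code.
public class SecureDocData {
    // Column names cannot be bound as parameters, so accept only known ones.
    private static final Set<String> ALLOWED_KEYS = Set.of("business_name", "id");

    private static String requireEnv(String name) {
        String v = System.getenv(name);
        if (v == null || v.isEmpty()) {
            throw new IllegalStateException("Missing required setting " + name);
        }
        return v;
    }

    public String readDocument(String key, String value) throws SQLException {
        if (!ALLOWED_KEYS.contains(key)) {
            throw new IllegalArgumentException("Unsupported lookup key");
        }
        // e.g. jdbc:mysql://db.example.internal:3306/test?sslMode=VERIFY_IDENTITY
        // so the database session is encrypted and the server certificate is checked.
        String url = requireEnv("DOC_DB_URL");
        String user = requireEnv("DOC_DB_USER");         // least-privilege account, not root
        String password = requireEnv("DOC_DB_PASSWORD"); // never stored in source control

        String sql = "SELECT id FROM documents WHERE " + key + " = ?";
        // try-with-resources closes the connection, statement and result set.
        try (Connection con = DriverManager.getConnection(url, user, password);
             PreparedStatement ps = con.prepareStatement(sql)) {
            ps.setString(1, value); // value is bound, never concatenated into the SQL
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next() ? rs.getString("id") : null;
            }
        }
    }
}
```

The `SQLException` is left to the caller, which can log it server-side and return a generic error to the client instead of printing a stack trace.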