Question

Case Study Project – PART I

Overview

The purpose of the case study project is to get you acquainted with the security challenges of a real, complex, messy software product. In class, you will be learning about security ideals,   and best practices. In the case study, you will see how those ideals are applied, or not applied.

This case study is designed to help you in two key ways: investigation and co-authorship. The investigative part of this project is to help you to learn about software projects from the outside in. This means reading bug reports, documentation, mailing lists, commit logs, and anything else you can get your hands on to understand what's going on. The co-authorship part of this project is to help you learn what it's like to describe complex arguments (i.e. specific security risks) to a technical, yet non-security-minded audience. The "co-" part is to help you learn how to write much like how you've learned how to code... communicating, coordinating, know when to work alone, know when to work collaboratively, giving good feedback, and reacting to feedback.

Case Study Proposal

Phase 1:

As a team, choose a case study project. Choosing a project may take some effort, as not every project out there makes a good candidate. Here are the minimum requirements for a good case study:

• Must have a domain that has significant security risks
• Non-trivial. The larger the better. Minimum of 10k lines of code or 20 developers. You will not need get this system to build.
• Must be actually used in production
• Source code must be available
• Must have had a list of reported vulnerabilities. The more detailed the records, the better (e.g. do they trace to bugs and source code patches?)

In your proposal, include the following:

• The names of each team member
• Project overview.
  • What is the product used for?
  • What is the development team like?
  • How often does the project release?
• Security Risks. This section can be very brief
  • What kinds of data does this product protect?
  • What are the ramifications of this software is compromised?
• Provide links (using just a regular hyperlink) to the project website, the source code repository, issue tracker, past vulnerabilities, and any other relevant information.

Submission

For this proposal, create a document called "X Case Study Proposal".

Grading scheme (10marks)

• 6marks - Submit a case study proposal naming a project.
• 1mark- Project matches the minimum criteria
• 3marks - Proposal demonstrates a surface-level understanding of the project security risks

minimum words or number of pages for the project proposal? it is not project proposal it is just final project of one course which is 15 marks and the minimum pages are 10 pages and maximum 15 pages . It is about software vulnerability case study.

Answer 1

Univeristy management case study :

In the view of the global pandemic due to COVID-19 , the univeristy has decided to upgrade it previous univeristy management system for the more learning management feature to be incorporated, Like the university has decide to open it next semester studies , the student will be able to register for thenext semester using the system , the system will allow the student to attend the classes online using the system , the student will be able to enroll in the courses , view marks , view assignment and submit assignment using the same platform and will be able to interact with teacher and other classmate to have more engagement of the student by alowing them to interact with each other, for this purpose the univeristy has hired a development of 50 member which consist of designer , backend developer , frontend developers , etc,. The system should be developed within a course of 3 month to restart the fallen education system of the univeristy and restart the studies of the student and it will be updated and maintained at regualr in the view of the bugs and errors. the risk assocaited with system is that the system might not be abe to handle the number of student estimated at a given time and there are security risk such as the student might try to hack into the system to update marks or other things , other risk can be that if the system is not developed at the time given than the univeristy will facing the loss as they announced a date for the commencement of the next semester. the system will be using the older database that contain the information of the student , tehir corresponding details about the year , courses , and it will be also having the details of the teache to allocate the classes and courses to the teacher to teach the class , these system needs to protect the details of all the student and teacher along with corresponding about the attendance, marks .If the system is not developed with proper developement model and does not have the security feature to protect the data of the user than the system compromise could result in total data loss and system failure , the attacker could use the data for its purpose.As th leader of the developer team it is development responsibility to ensure the system works efficientlt and have proper security protocol.