CS305-Software-Security

The course has students work on security-related technical artifacts and source code for a fictitious company in the financial sector, Artemis Financial.

I feel that I recognized key flaws in their development workflow, suggesting key changes that would align the efforts of development teams and stakeholders towards modern security practices. The resources put forth to students highlighted the importance of security practices in reducing the risk of project failure. I have finished the course with greater insight into the tools and resources needed to incorporate security into all facets of the development process, and a good idea of the current industry trends towards Development Security Operations (DevSecOps) and the Secure Software Development Lifecycle (SSDLC).

(image: secure software development lifecycle diagram, from digitalmaelstrom.net [1])

Vulnerability Assessments

I made sure to take what I learned in software development lifecycles and software testing to speak to the client's needs, and to use my experience to guide the development process towards maximizing quality and collaboration. I highlighted not only factors such as legal constraints but also how integration best practices lead to quality assurance in everything we do. Following tried and proven security practices at all stages of the SDLC validates all the work we do and share with stakeholders and the user base at large. Security testing and implementation result in a product that is resilient and fault tolerant. Through technical artifacts like vulnerability assessments, we can hold our software to a set of rules that dictate how confident we are that the project will not fail. [2]

The vulnerability assessment lends itself to the Agile Manifesto, in that it adds a layer of communication between the community, the client, and the development team that focuses on the client's needs and security goals, and on the various tests and planning required to realize those goals. These assignments built on other SNHU courses that used Java, like Operating Platforms, and helped me piece together how we can integrate security at the various levels of the software development lifecycle. For example, a piece of code that we reviewed had access to a mock database. It made me realize how precise the communication and organization need to be to make sure that the right form of security is implemented. The assignments also made me appreciate the level of teamwork needed to secure a project.

The vulnerability assessment is a summary of the methods employed to make suggestions to a client with respect to the implementation of a security plan. This prepares students for future assignments in SNHU's secure coding course, which focuses on secure coding policies. Students manually reviewed code for security flaws, in the fashion of the Operating Platforms and Software Testing courses, considering how the code will be integrated into the final product. We then used automated tools geared towards static testing to identify known vulnerabilities in our project's dependencies.
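As an added illustration (not code from the course or this repository), the dependency scan described above is typically wired into the build so that it runs on every verify. The page does not name the tool or build system; this example assumes a Maven-built Spring Boot project and the OWASP Dependency-Check plugin, and the version, CVSS threshold, and suppression file name are example values:

```xml
<!-- Added example, not from the course repository. Assumes a Maven build
     and the OWASP dependency-check-maven plugin; the page names neither. -->
<build>
  <plugins>
    <plugin>
      <groupId>org.owasp</groupId>
      <artifactId>dependency-check-maven</artifactId>
      <!-- Example version; pin whatever release is current for your build. -->
      <version>9.0.9</version>
      <configuration>
        <!-- Fail the build when any dependency carries a known CVE at or
             above CVSS 7.0 (example threshold), so findings cannot be
             silently ignored; tighten it as the mitigation plan matures. -->
        <failBuildOnCVSS>7.0</failBuildOnCVSS>
        <!-- Record accepted risks, with justification, in a suppression
             file that is reviewed like code, rather than lowering the
             threshold. (Assumed file name.) -->
        <suppressionFiles>
          <suppressionFile>dependency-check-suppressions.xml</suppressionFile>
        </suppressionFiles>
      </configuration>
      <executions>
        <execution>
          <goals>
            <goal>check</goal>
          </goals>
        </execution>
      </executions>
    </plugin>
  </plugins>
</build>
```

With this in place, `mvn verify` runs the scan and, by default, writes an HTML report under `target/`; a dependency above the threshold fails the build, which is the behaviour you want in CI so that the secure software report and the mitigation plan are backed by a check that cannot be skipped.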

Ultimately, we drafted a mitigation plan and a secure software report so that all parties involved would be aware of the standards of security that need to be implemented. These courses have really opened my eyes to the level of teamwork and communication required for communities, enterprises, and governments to come together to work on projects and make sure they work as intended. In the end we must come together as a global community to put forth the appropriate specifications, implementations, and guidelines to be able to harness the power of the technologies of the future. I hope to someday contribute to the organizations that helped me work through this project, like OWASP, the Cloud Native Foundation, Oracle, and NIST. Without their up-to-date documentation and communications, I wouldn't know up from down with respect to the security of a Spring Boot application and the methods implemented therein.

Footnotes

  1. https://www.digitalmaelstrom.net/it-security-services/secure-software-development-lifecycle-ssdlc/

  2. https://agilemanifesto.org/
