dalsoto/CS-305

CS-305

Briefly summarize your client, Artemis Financial, and their software requirements. Who was the client? What issue did they want you to address?

Artemis Financial is a consulting firm that develops individualized financial plans for their customers. They hired us to develop their public web application and make it secure because it deals with sensitive, personal and financial data.

What did you do particularly well in identifying their software security vulnerabilities? Why is it important to code securely? What value does software security add to a company’s overall wellbeing?

Identifying current vulnerabilities in the code base using static testing is something I did well with. Secure coding is important to prevent data theft and to protect the reputation of the company.

What about the process of working through the vulnerability assessment did you find challenging or helpful?

The dependency check tool saved a lot of time in detecting vulnerabilities automatically without having to do it manually.

How did you approach the need to increase layers of security? What techniques or strategies would you use in the future to assess vulnerabilities and determine mitigation techniques?

In the future it should be necessary to do penetration testing to better assess vulnerabilities.

How did you ensure the code and software application were functional and secure? After refactoring code, how did you check to see whether you introduced new vulnerabilities?

Running the dependency check again if new dependencies were added is something that needs to be done, while unit testing and manual code review can make sure it is working.

What resources, tools, or coding practices did you employ that you might find helpful in future assignments or tasks?

I used the Internet to research current practices and algorithms and found that very helpful.

About

SNHU CS-305: Software Security
