Your Perfect Assignment is Just a Click Away

We Write Custom Academic Papers

100% Original, Plagiarism Free, Customized to your instructions!

glass
pen
clip
papers
heaphones

CS 305 Southern New Hampshire Software Security Dependency Check

CS 305 Southern New Hampshire Software Security Dependency Check

Question Description

I’m working on a computer science project and need an explanation to help me study.

In this assignment you will conduct a dependency check, which is a type of static testing that detects vulnerabilities associated with library dependencies needed for the application. Static testing allows you to identify vulnerabilities in the code without actually executing the code. In this assignment, you will do the following:

  • Identify software security vulnerabilities by running code through a static tester.
  • Identify potential mitigation techniques that have been used to mitigate against vulnerabilities associated with known exploits.

Scenario

You are a senior software developer within a team of software developers that are responsible for a large web application that uses the Spring framework.

The software development team has addressed the vulnerabilities in the code base from your manual code review and plans to mitigate against the vulnerabilities. In addition to making these changes, they are now supporting a new functionality that requires the addition of a new library. As a best practice for ensuring secure code, it is essential to check the refactored code base as well as the additional library through a dependency check.

Fortunately, just as your compiler, interpreter, and integrated development environment help with syntax checking your code, there are tools to help with dependency checks. You will integrate a dependency check tool into your vulnerability assessment workflow.

Prompt

To begin, open the code base in Eclipse. Refer to the Uploading Files to Eclipse Desktop Version Tutorial for testing the code base in Eclipse. Then integrate the Maven Dependency Check plug-in for the code base.

Please note: “Integrating the Static Testing Tool” was a non graded task that you should have completed in the previous module, so you may have already completed these steps.

Follow the instructions in the Integrating the Maven Dependency Check Plug-in Tutorial to learn how to integrate and run the dependency check plug-in into Maven for conducting static testing. Use the instructions in the tutorial to identify the software security vulnerabilities. Specifically, address the following in a Static Testing Summary:

  • Run the dependency check on the code base. Include a screenshot of the HTML report in your Static Testing Summary. Be sure the screenshot includes the scan information at the top of the dependency check report.
  • In addition to showing that the dependency check ran effectively, document the results from the dependency check. Be sure to identify the codes and descriptions of the dependencies found by including these details for each dependency in your Static Testing Summary.
  • Interpret the results to identify widely accepted solutions for addressing dependencies in the code base. Summarize your findings in your Static Testing Summary. You can refer to industry standard guidelines such as the Common Vulnerabilities and Exposures (CVE) and the National Vulnerability Database (NVD). Consider why false positives should be filtered from the dependency check tool and discuss in your Static Testing Summary.

To learn about the dependencies and interpret the results from the report, click on each dependency listed as shown below:

Dependency check report. A box outlines the dependency header and an example link to the dependency description.

Information regarding the dependency description, its severity, and potential solutions will also be available from the NVD. Access this information by clicking on the corresponding Common Platform Enumeration (CPE), then select the Vulnerability ID.

Dependency check report. A box outlines the CPE header and an example link to the CPE description.

Search Results on the National Vulnerability Database website. A box outlines the Vuln ID header and an example link to the Vulnerability ID description.

Guidelines for Submission

Submit the completed Static Testing Summary using the template provided. Be sure to include a screenshot of the HTML output from the dependency check and summarize the dependency check results and potential solutions. Your completed summary should be 1–2 pages in length.

Order Solution Now

Our Service Charter

1. Professional & Expert Writers: Gold Grades only hire the best. Our writers are specially selected and recruited, after which they undergo further training to perfect their skills for specialization purposes. Moreover, our writers are holders of masters and Ph.D. degrees. They have impressive academic records, besides being native English speakers.

2. Top Quality Papers: Our customers are always guaranteed papers that exceed their expectations. All our writers have +5 years of experience. This implies that all papers are written by individuals who are experts in their fields. In addition, the quality team reviews all the papers before sending them to the customers.

3. Plagiarism-Free Papers: All papers provided by Gold Grades are written from scratch. Appropriate referencing and citation of key information are followed. Plagiarism checkers are used by the Quality assurance team and our editors just to double-check that there are no instances of plagiarism.

4. Timely Delivery: Time wasted is equivalent to a failed dedication and commitment. Gold Grades is known for timely delivery of any pending customer orders. Customers are well informed of the progress of their papers to ensure they keep track of what the writer is providing before the final draft is sent for grading.

5. Affordable Prices: Our prices are fairly structured to fit all groups. Any customer willing to place their assignments with us can do so at very affordable prices. In addition, our customers enjoy regular discounts and bonuses.

6. 24/7 Customer Support: At Gold Grades, we have put in place a team of experts who answer all customer inquiries promptly. The best part is the ever-availability of the team. Customers can make inquiries anytime.