Software Security Briefly summarize your client, Artemis Financial, and their software requirements. Who was the client? What issue did they want you to address?

Artemis Financial is a financial group the specializes in financial planning. The help their clients in the planning of such things like retirement, savings, investments, and insurance. They are looking to ensure that them and their clients are properly secured by using industry standards in security. Such things like data encryption and client/server validations.

What did you do very well when you found your client’s software security vulnerabilities? Why is it important to code securely?

I reviewed client's vulnerabilities and assessed if they we able to be addressed, or if a known fix was available. Examined the code given and determined if that code was a false positive. It’s important to code securely because our users rely on us to keep them safe while on our websites and applications. A user that doesn’t feel safe won’t be a user for much longer.

What value does software security add to a company’s overall wellbeing?

Software security can help guarantee users return repeatedly. It also allows a company to maintain normally daily operations, instead of shutting everything down to fix what has been compromised.

What part of the vulnerability assessment was challenging or helpful to you?

The most challenging part of vulnerability assessments was reading through the documentation to fully understand what issue was being highlighted. This involved sifting through several websites that may or may not have a solution. However, all the resources given were helpful at giving a 500-foot view at the underlining problem.

How did you increase layers of security? In the future, what would you use to assess vulnerabilities and decide which mitigation techniques to use?

I increased layers of security by adding different techniques of security to the same project. Like using a checksum to ensure the data hasn’t been tampered with and also using a validation certificate to determine if the data was being sent to the correct location so data did get in hacker’s possession.

How did you make certain the code and software application were functional and secure? After refactoring the code, how did you check to see whether you introduced new vulnerabilities?

I ensured the code was safe by running multiple dependency checks and making sure the number of vulnerabilities was being reduced after every refactoring.

What resources, tools, or coding practices did you use that might be helpful in future assignments or tasks? Employers sometimes ask for examples of work that you have successfully completed to show your skills, knowledge, and experience. What might you show future employers from this assignment?

The skills used with this assignment was the use of checksums, validation certificates, encryptions using SHA-256, and running dependency checks. I would show future employers the ability to use a dependency checks because the ability to find an error is more important in knowing how to fix the error. This is because there will always be new tactics hackers use to gain any information and research can be done to fix those tactics if the vulnerability is made aware.