- Briefly summarize your client, Artemis Financial, and their software requirements. Who was the client? What issue did they want you to address?
- Artemis Financial is a consulting firm that develops individualized financial plans for their customers. They hired us to develop their public web application and make it secure enough to deal with the sensitive personal and financial data involved.
- What did you do particularly well in identifying their software security vulnerabilities? Why is it important to code securely? What value does software security add to a company’s overall wellbeing?
- I did well at identifying current vulnerabilities in the code base through the use of static testing. Secure coding is important to prevent data theft and to protect the company's reputation for integrity and reliability.
- What about the process of working through the vulnerability assessment did you find challenging or helpful?
- The dependency check tool was very helpful, saving a lot of time in detecting vulnerabilities automatically instead of having to manually check each dependency for vulnerabilities.
- How did you approach the need to increase layers of security? What techniques or strategies would you use in the future to assess vulnerabilities and determine mitigation techniques?
- In the future, penetration testing should be performed to better assess vulnerabilities.
- How did you ensure the code and software application were functional and secure? After refactoring code, how did you check to see whether you introduced new vulnerabilities?
- It was necessary to re-run the dependency check if new dependencies were added. Otherwise, unit testing and manual code review can ensure functionality.
- What resources, tools, or coding practices did you employ that you might find helpful in future assignments or tasks?
- I used the Internet to research current practices and algorithms and found that very helpful.