Your team received an assignment to develop and deliver a new company Web application for outsourced suppliers to use as they help support your company’s production resources. The IT director recently returned from an OWASP conference in India and insists that the app will have strong security. As he walked out the door from your initial project briefing the IT director said, “I do not want to wait 200 days after an exploit to hear about it. If something happens, I want to know yesterday.”
The project specs require a multi-page design. The app will need to provide an interface to your company’s supply database for reading and entering data remotely as well the ability to contact, via the e-mail server, your company supply managers. In an effort to save money, management decided that the team will use some open source software library modules.
Fully discuss, in 3–5 pages, the process that your team would follow to create and deliver that Web application.
- Provide at least six steps in the SDLC during which security strengthening behaviors will be applied.
- Explain the specific security relevant actions taken during each step to include the people involved, the considerations taken and security assurance methods used.
- Identify and briefly explain at least three different security testing methods and indicate which methods analyze the app’s front end, source code, or vulnerabilities while the app is running. Justify when you would use each method.
- Explain at least six different vulnerabilities that could potentially affect your app and actions that your team could take to prevent each.
- Go to Basic Search: Strayer University Online Library to locate and use at least four quality sources in this assignment.
- This course requires the use of Strayer Writing Standards. For assistance and information, please refer to the Strayer Writing Standards link in the left-hand menu of your course. Check with your professor for any additional instructions.
The specific course learning outcome associated with this assignment is:
- Propose a strategy for securing the operation of a Web application.