Security and Network Security Assignment Solution - University

Verified

Added on 2020/03/16

AI Summary

This document presents a comprehensive solution to a security and network assignment, addressing key aspects of modern cybersecurity. The solution begins by exploring the security challenges posed by Web 2.0 technologies, including authentication issues, cross-site scripting vulnerabilities, and injection attacks. It then delves into software development processes, outlining the phases of the software development life cycle and emphasizing the importance of secure coding practices. The assignment further highlights five crucial security considerations during coding, such as securing designs, managing complexity, implementing defense layers, controlling privileges, and utilizing robust testing mechanisms. Use case diagrams are provided to illustrate access privileges and testing mechanisms. Finally, the solution includes a detailed code walkthrough, outlining the steps and questions involved in reviewing code for security vulnerabilities. The document references several academic sources to support its findings and provide a well-rounded understanding of the subject matter.

Running head: SECURITY AND NETWORK
Security and network
Name of the student
Name of the University
Author Note

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

1SECURITY AND NETWORK
Answer to question 1:
The technological advances made by the adoption of Web 2.0 techniques have made
great innovations among the general population. However, this is also the reason for the
concerned population to become vulnerable to cyber attacks. There are various ways where the
Web 2.0 is changing the security related mechanisms in the internet.
The first security challenge is the lack of appropriate authentication methods. This
implies that the contents in Web 2.0 applications are not authenticated well enough (Fuchs et al.,
2013). This can lead to the hackers getting access to them by spending minimum resources to
achieve that.
Another security challenge is the vulnerability in cross site scripting. This enables the
malicious inputs sent by the attackers to be stored in the system and displayed to the common
users. This is another problem which is the main cause for security challenges.
In addition, the injection attacks are also another security challenges. The XML injection
or the XPath injections are the most common methods which are used to pose injection threats to
the system.
Answer to question 2:
The software model is used for the development approaches to be taken for the
development of software development processes. The main involvement of this method includes
the step by step method to be followed for the development of software. The requirements are
made as designs which are then translated into codes.
The requirement phase includes the analysis of the consideration to be taken before the
development of the project (Mishra & Dubey, 2013). The design phase of the process involves

2SECURITY AND NETWORK
the planning of the system. This involves the generation of the design parameters to be integrated
into the software. The coding phase analyses the designs and translates it into the codes. The
testing phase generates the testing of the software. It is done by beta testing or use case diagrams.
The last phase is the deployment phase where the software is deployed to various users. The
major relationship among the various phases is listed below:
Fig 1: Software development process
(Source: Created by the author)
Answer to question 3:
Due to the advancement of technologies, the need for a secure coding is essential to keep
up with the increasing trends in cyber attacks. Thus, it is needed to consider the security checks
during coding (Fuggetta & Di Nitto, 2014). The five security issues included are:

3SECURITY AND NETWORK
1. Securing designs: This is to be done to secure the coding schemes to protect against
injection attacks or other vulnerabilities.
2. Complexity: The complexity of the code is to be removed which allows the developer to
address the codes whenever required.
3. Defense layers: This is also to be referenced as the software codes need to have a defense
mechanism to keep mal-practices at a check.
4. Privileges: The access to the system is also to be addressed as the minimum access must
be given to end users so that the security is not hampered.
5. Testing mechanisms: The software is to be checked and tested to allow smooth
operations without failures.
Answer to question 4:
Fig 2: Use case for access privilege
(Source: Created by the author)

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

4SECURITY AND NETWORK
Fig 3: Use case for testing mechanisms
(Source: Created by the author)
Answer to question 5:
This section is used to develop a code walkthrough (Wang et al., 2012). The worksheet
for such methods includes various questions to be followed. These are:
1. Display the code out from the control. If it is running, then continue, else the review has
to be stopped.
2. Execute the unit. If the program runs, continue, else the review has to be stopped.
3. Check the coverage. If average is greater than 60%, continue, else the review has to be
stopped.
4. Check the metrics of the code. If it complies with the standards, continue, else the review
has to be stopped.
5. Run the static code. If no error or warnings is showed, continue, else the review has to be
stopped.

5SECURITY AND NETWORK
References:
Fuchs, C., Boersma, K., Albrechtslund, A., & Sandoval, M. (Eds.). (2013). Internet and
surveillance: The challenges of Web 2.0 and social media (Vol. 16). Routledge.
Fuggetta, A., & Di Nitto, E. (2014, May). Software process. In Proceedings of the on Future of
Software Engineering (pp. 1-12). ACM.
Mishra, A., & Dubey, D. (2013). A comparative study of different software development life
cycle models in different scenarios. International Journal of Advance research in
computer science and management studies.
Wang, Y., Li, H., Feng, Y., Jiang, Y., & Liu, Y. (2012). Assessment of programming language
learning based on peer code review model: Implementation and experience
report. Computers & Education, 59(2), 412-422.