Determining Secure Software Creation Methods

Determining Secure Software Creation Methods

Previous weeks have provided a foundation and extended your learning to include both the requirements as well as secure software design. These planning phases provide vital guidance to leverage best practices and adapt to specific requirements of the environment. The planning will not only provide improved outcomes but also reduce costs. There will also be timeline benefits.

Your objective this week is to become capable of leading software development teams in the construction of the software solution so that it will be secure. You need to research programming languages and vulnerabilities such as cross-site scripting, buffer overflows, and many other risky options. In addition, draw on earlier learning regarding the problems resulting from the inclusion of code sourced externally within your own software or by way of integrated modules.

You should review programming techniques to create safe software from input validation through error handling, session management concurrency, and resistance to external tempering. The creation of software should also leverage good processes such as version control, peer reviews, and program environmental controls.

Assignment : Determine a Secure Software Architecture and Technology Approach

REFERENCE

Books and Resources for this Week

• Paul, M. (2014). Official (ISC)2 guide to the CSSLP CBK (2nd ed.). Boca Raton, FL: CRC Press.
• Black, P. E., & Fong, E. (2016). NIST Special Publication 500-320: Report of the workshop on software measures and metrics to reduce security…
• Cass, S. (2018). The 2018 top programming languages: Python stays on top, and Assembly enters the top ten.
• Meng, X., Qian, K., Lo, D., Bhattacharya, P., & Wu, F. (2018). Secure mobile software development with vulnerability detectors in static code analysis

Instructions

Part 1: Evaluate Programming Languages – a Rubric (8 Points)

Security issues inherent in the programming languages and standard libraries used to write software could lead to security holes that even the best security development plan can fail to identify. Therefore, it is important to understand which languages have the most intrinsic security problems embedded in them. There are a lot of data ranking languages on security, but there are several different criteria used to rank them.

Formulate a rubric to evaluate the security of a programming language. Your rubric should have at least five criteria and four performance levels (e.g., Excellent, Acceptable, Marginal, Poor). Include a description for each criterion and each level; be sure to explain exactly how the language is to be evaluated. Justify each criterion with a brief explanation for its inclusion, and then support its inclusion with appropriate scholarly references.

Next, use your rubric to evaluate 10 programming languages in use today. Present your findings and any interesting results.

Part 1 Length:

• Provide a brief introduction.

• Include criteria justifications: 250-500 words per criterion (at least 1,250 words for this total) as a narrative before your table.

• Include performance levels: at least 25 words per criterion and level (225 words total) as a narrative before your table.

• Provide a rubric: Provide a simple table with keywords for your headings and labels. Add the languages to the appropriate locations in the table. Be brief so that the table fits into the Word document. You can change to landscape mode for the table. (Narratives should maintain portrait orientation.)
• Include findings, interpretation, and preferred option (500-1,000 words), provided after your table.
• Add your references on an additional page at the end of the entire document.

Part 1 References: Cite and reference all 10 program tools and add at least 4 additional quality sources. All additional references should have been published in the last 5 years. You may add further quality references. All your references should be in a consolidated list at the end of your document where you integrate the references for both Part 1 and Part 2.

Part 2: Evaluate a Specific Programming Language (5 Points)

There are many examples of insecure code on the Internet and in scholarly articles presented as examples of what not to do. Find one of these examples of bad code, and then use your learning in this course to submit a quality report that includes the following elements:

• A brief description of the code and its purpose
• A summary explaining the overall security of the code and highlights of major issues
• An inventory of all vulnerabilities in the code with the following information for each vulnerability:

• • File name where the vulnerability is located
  • Line number or function name where the vulnerability is located
  • An explanation of the vulnerability and potential exploits
  • Steps that should be taken to eliminate the vulnerability

Part 2 Length: 3-5 pages excluding the code, title pages, and references.

Part 2 References: Cite and reference your sample as well as 2 other quality sources. Your references should be part of a consolidated list at the end of your document. All references should have been published in the last 5 years. You may add additional quality references.

Your evaluation should demonstrate thoughtful consideration of the ideas and concepts presented in the course and provide new thoughts and insights relating directly to this topic. Your response should reflect scholarly writing and current APA standards.

NOTE:

1. All paper assignments should include a properly formatted APA title page. Via the Academic Success Center I have provided a link to Academic Writer to help you see how a title page should look: https://academicwriter-apa-org.proxy1.ncu.edu/

1. All papers are run through TurnItIn.com. It is imperative that you understand the university’s academic integrity policy. Unintentional plagiarism is still plagiarism; make sure you properly cite your sources….when in doubt….cite! A good resource regarding citations is the Purdue OWL: https://owl.english.purdue.edu/owl/resource/560/02/