...Build a Web Applications and Security Development Life Cycle Plan What are the elements of a successful SDL? The elements of a successful SDL include a central group within the company (or software development organization) that drives the development and evolution of security best practices and process improvements, serves as a source of expertise for the organization as a whole, and performs a review (the Final Security Review or FSR) before software is released. What are the activities that occur within each phase? Training Phase- Core Security Training Requirements Phase- Establish security requirements, create Quality Gates/Bug Bars, perform Privacy Risk assessments. Design Phase- Establish Design Requirements, perform Attack Surface Analysis/Reduction, use Threat Modeling Implementation Phase- Use approved tools, deprecate unsafe functions, perform static analysis Verification Phase- Perform Dynamic Analysis, Perform Fuzz Testing, Conduct Attack Surface Review Release Phase- Create an Incident Response Plan, Conduct Final Security Review, Certify release and archive Response Phase- Execute Incident Response Plan Phase Activities Roles Tools Requirements - Establish Security Requirements -Create Quality Gates/Bug Bars -Perform Security and Privacy Risk Assessments -Project Managers -Security Analysts -Microsoft SDL Process Template for Visual Studio Team System - MSF-Agile + SDL Process Template Design -Establish Design Requirements -Perform Attack Surface...
Words: 2006 - Pages: 9
...able to: * Gain an overall understanding of an e-business transformation capitalizing on the advent of the Internet technologies and Web applications in a specific business situation. * Summarize your understanding of implementing social networking applications into an e-business model capitalizing on the advent of Internet technologies and Web applications in a specific business situation. * Summarize your understanding of identifying risks, threats, and vulnerabilities relating to Web and social networking applications in an e-business transformation. * Identify various weaknesses in Web site applications. * Understand the life cycle of software development and how security can fit into the model. * Identify the need for Payment Card Industry Data Security Standard (PCI DSS) compliance within an organization. * Identify various open source and proprietary tools used in Web application security assessment and vulnerability scanning. * Identify the available mobile communication devices and the security risks associated with each type of device. Required Source Information and Tools The following tools and resources will be needed to complete this project: * Course textbook * Access to the Internet Project Logistics Activity Name | Assigned | Due | % Grade | Project Part 1: Identify E-Business and E-Commerce Web Apps for Planned Transformation | Unit 1 | Unit 2 | 2 | Project Part 2: Identify Social Networking Apps...
Words: 737 - Pages: 3
...Information Security BIS/320 Information Security Kroenke, D.M. (2012) states that SDLC or Systems development life cycle is a conventional method of information systems development. To survive in the market, Amazon Corporation has put major thrust on areas like research, development and building new information systems. The SDLC process comes in different versions with varying numbers of steps. Some go for the eight-step process while a few prefer the seven-step process. Another variation is the five-step process which includes the following stages: System definition, Requirement analysis, Component design, Implementation and Maintenance. There is a subtle difference between a disaster and a threat. Heavy physical loss of computing machinery due to natural causes, assault or terrorist attacks comes under the category of Disasters. Threats cover issues arising from human errors, malicious illegal acts and natural disasters. An instance of human error would be an unintentional or intentional shredding of data by employees. Events like a twister or flood beyond human control can disable all computing services indefinitely. With all these factors established, it is important to consider the steps to be taken in preparing for disasters ahead of development of plans (Kroenke, “Information Security Management,” 2012). The SDLC process which has been so strictly and exhaustively followed by Amazon can be...
Words: 2406 - Pages: 10
...is used for developing and running enterprise software, including network and web services, and other large-scale, multi-tiered, scalable, reliable, and secure network applications. Specifications: RMI: Distributed Object Communication allows objects to access data and invoke methods on remote objects (non-local memory objects); this process is known as remote method invocation. JavaMail: It allows an application component to send Internet mail (notifications). The JavaMail API has two parts: • an application-level interface used by the application components to send mail, and • a service provider interface used at the Java EE SPI level....
Words: 523 - Pages: 3
...to the security requirements of your information system? From the very earliest stages of planning for the development of the system to its final disposal is the advice of the National Institute of Standards and Technology (NIST). By considering security early in the information system development life cycle (SDLC), you may be able to avoid higher costs later on and develop a more secure system from the start. The System Development Life Cycle (SDLC) The system development life cycle starts with the initiation of the system planning process, and continues through system acquisition and development, implementation, operations and maintenance, and ends with disposition of the system. Specific decisions about security must be made in each of these phases to assure that the system is secure. The organization develops its initial definition of the problem that could be solved through automation. Also during this early phase, the organization starts to define the security requirements for the planned system. Management approval of decisions reached is important at this stage. During this initiation phase, the organization establishes the security categorization and conducts a preliminary risk assessment for the planned information system. Categorization of the information system using federal standards and guidelines aids system security planners in defining information system security according to levels of impact, and in selecting a baseline of initial security controls...
Words: 1328 - Pages: 6
...Research Publication Date: 5 August 2005 ID Number: G00130115 Gartner's Hype Cycle Special Report for 2005 Jackie Fenn, Alexander Linden This year, we celebrate the 10th anniversary of Gartner's Hype Cycles. More than 1,600 information technologies and trends across 68 markets, regions and industries are evaluated in the most comprehensive assessment of technology maturity in the IT industry. © 2005 Gartner, Inc. and/or its Affiliates. All Rights Reserved. Reproduction of this publication in any form without prior written permission is forbidden. The information contained herein has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although Gartner's research may discuss legal issues related to the information technology business, Gartner does not provide legal advice or services and its research should not be construed or used as such. Gartner shall have no liability for errors, omissions or inadequacies in the information contained herein or for interpretations thereof. The opinions expressed herein are subject to change without notice. ANALYSIS Gartner's Hype Cycles highlight the relative maturity of technologies across a wide range of IT domains, targeting different IT roles and responsibilities. Each Hype Cycle provides a snapshot of the position of technologies relative to a market, region or industry, identifying which technologies are hyped, which are suffering...
Words: 1983 - Pages: 8
...IS3445 – Week 10 Assignment Project Part 10. Web Security Life Cycle Software development life cycles are created to help guide businesses towards meeting specific desires and needs within their applications. They drive the steps used to meet best practices and standards that businesses are required to follow to function. SDLCs are made up of various stages such as assessments, application development, QA testing, deployments, etc. Best practices and standards dictate that implementing security within the various steps of an SDLC, if not all of the steps, will provide the best results that any business is trying to achieve. An SDLC can come in a few different models like a waterfall model, spiral model and a V-Model. This document will be used to describe and give a brief summary of many different processes. Application Development: During the development of web applications, things such as poor error handling and insecure data transfer can plague the development. Poor error handling could result in malicious users finding much more information about an application than should be revealed and using that information to gain access to unauthorized areas, while insecure data transfer could result in data being stolen as it is broadcast across a network. QA/Testing: Security professionals that continually test software and web applications for malicious attacks or security flaws ensure that products will continue to work as desired. Examples of testing...
Words: 1029 - Pages: 5
...online ordering, onsite web hosting, and site redundancy to allow for maximum uptime. What they are asking for is called the system development life cycle (SDLC). Systems development life cycle is defined as "activities and functions that systems developers typically perform, regardless of how those activities and services fit a particular methodology” (Shelly & Rosenblatt, 2011). The systems development life cycle contains the following steps in the model: requirements analysis, testing, implementation, documentation, deployment, and maintenance. Discuss what it will take to build a Web architecture, move an existing Website with minimal downtime, and provide a disaster recovery solution to ensure the site is always available. The new web architecture is a complete change from the previous implementation of the site, requiring an entirely new template and architecture. The previous setup used manual ordering, so customers would have to call in or physically come in to order the chips. The new architecture will allow for online ordering, which will free up more user time otherwise spent answering phones and taking orders. I am assuming the previous network architecture is up to date and running properly. With this assumption, few technology upgrades will be fully required. Improving the technology infrastructure would require an upgraded internet connection to help offset the new traffic that will be occurring with the web site being hosted locally. A new physical server to become a web server, using one of...
Words: 2926 - Pages: 12
...inconvenience involved in item requisition at the library and at the security checkpoint is very discouraging and time consuming, and it does not give room for students to take borrowed books out of the library or get access to other items at the security checkpoint without their student identification card. In addition, the manual/paper logbook system brings about impersonation, with impostors getting access to and taking away the school's items. Problem Statements * Security guards on duty at their post have little or no means to validate the content of students’ identification cards shown to them when students want to request library books, classroom keys and projectors. * Students cannot request library books, classroom keys and projectors without showing their student identification cards. Aim Of The Study The purpose of this project is to design and develop a system for the security department of Ghana Technology University College (GTUC) to facilitate an effective release and recovery or tracking of library books, classroom keys and projectors to students. This system will also enable students without student identification cards to make requisition of such items. Objectives * Get basic information of students and store it in a central database. * Store the requisition activities in the database. * Make the database accessible from remote places on campus so that security personnel can interact well or make good decisions with details...
Words: 899 - Pages: 4
...UNFO Security White Paper Information Security Analyst Executive Summary Date: Friday, September 06, 2013 Introduction Since UNFO’s customer base will have the ability to call in using credit card numbers to make online purchases, with an expectation of 6,000,000 transactions, the need for a well thought out framework plan is essential. The conversations will be recorded and stored in the organization's Private Branch Exchange (PBX) system, for which data storage hardware and software requirements will be needed. This document is to outline a Web security life cycle for the organization that will later be compiled as part of the organization's overall security policy by the organization's Senior Security Engineer. Therefore, the following categories will serve as the staple of this outline: Application development, QA/testing, deployments, website encryption/key management, data storage/access, systems/devices that interact with the website, 3rd party vendor access, employee web security training, regulatory compliance, emerging laws and regulations for website security. 1. Application development : a. System Analysis: i. Define clearly the purpose of the software ii. Provide direction for further development iii. Refine project goals for clear function and intended application b. Design: iv. Application’s features and operational functions v. Documentation of application vi. Visualization...
Words: 1842 - Pages: 8
...Review for ERP/Systems Integration & Administration Lec. Dr. Abdullatif Ghallab ghallab@gmail.com Review questions before the mid-term exam of the second semester, academic year 2015-2016. Course name: Enterprise Resource Planning / Systems Integration and Administration TYPES OF QUESTIONS A. END-OF-CHAPTER QUESTIONS B. ESSAY QUESTIONS C. DISCUSSION QUESTIONS D. CASE QUESTIONS E. TRUE & FALSE QUESTIONS F. MULTIPLE CHOICE QUESTIONS CH1 X X √ CH3 X X √ √ CH4 √ √ √ X X X X X X √ √ √ 1 CH2 X √ X √ √ CH01- INTRODUCTION TO ENTERPRISE SYSTEMS FOR MANAGEMENT A. DISCUSSION QUESTIONS 1. Refer to the Hershey case. What were the goals and details of the Enterprise 21 project? 1. Establish a single supply chain across all divisions. 2. Streamline all business processes by reengineering them across all functional areas. 3. Increase the gross margin and maintain sales growth. 4. Save $75 – 80 million through corporate restructuring and closing of older distribution sites. 5. Fix their Y2K problem and replace the existing mainframe environment. 2. Refer to the Hershey case. What were some of the key problems that Hershey encountered when choosing, integrating and implementing their new ERP system? The implementation of the ERP for Hershey was beset with difficulties due to a number of failures: a. Project management issues...
Words: 9433 - Pages: 38
...System Development Life Cycle Document Jessica Fuentes CIS/568 June 24, 2013 Gonzalo Rosa Background Riordan Manufacturing is a subsidiary of Riordan Industries that specializes in plastics. They employ more than 500 people worldwide with projected annual earnings of $46 million (University of Phoenix, 2002). The controller reviewed the training budget and identified higher than budgeted costs related to emergency training on new systems. Furthermore, override approvals demonstrate the lack of new project training costs in the product development budget unless coded to the wrong cost centers. The director of human resources verified training was not incorporated into the project training costs. The executive board approved distance learning solution project to address these rising and unbudgeted costs. With an $80,000 budget this project leads training through teleconferencing. A systems development life cycle (SDLC) provides an organization with a process for success in meeting the strategic goals in phases (University of Phoenix, 2013). This is the simplest methodology to organize a project. The purpose of this paper is to demonstrate how an SDLC provides Riordan with the necessary tools to meet the organization’s needs in the timeframe and cost constraints outlined by the executive board. Project Planning The project identified by the controller is distance learning through teleconferencing. The project provides a solution to training costs excluded from the...
Words: 835 - Pages: 4
...place. There is a need to follow the system development life cycle (SDLC) for it to be successful and have a transformational effect on the company’s operation (Klein, S. 2007). If there is redundancy in the site of the company, some measures should be carried out to ensure that it functions well to serve the company’s information needs. There should be a back-up site available as a failover in case the main site goes down. There is also a need for the site to be redesigned to allow customers to order products online. The system development life cycle (SDLC) involves seven phases or steps that are followed in developing an information system from conception up to disposition. The following are the seven phases of developing an information system by a software engineer: 1. Conceptual Planning 2. Planning and Requirements Definition 3. System design 4. Development and Testing 5. Implementation phase 6. Operations and Maintenance phase 7. Operations and Maintenance phase Conceptual Planning This is the first phase in the system development life cycle. In this phase the information system conceptual framework is constructed. This will include the evaluation and assessment of the system to be developed to determine the cost and risks associated with the system. The managers will also assess the benefits and the opportunities that will be associated with the system. In this first stage of the system development cycle, there will also be the division and designation of...
Words: 3420 - Pages: 14
...5.10 Input Design 15 5.20 Menus 15 5.30 Dialog Box 15 6.00 HUMAN MACHINE INTERFACES 16 6.10 New user registration interface 16 6.20 Admin login monitoring interface 16 6.30 Admin interfaces 17 6.40 Available stock 17 6.50 Admin Backup interface 18 6.60 Sales report 18 6.70 Transaction receipt 19 CHAPTER 7 20 7.00 DETAILED DESIGN 20 CHAPTER 8 21 8.00 PROCESSING LOGIC 21 CHAPTER 9 22 9.00 SYSTEM INTEGRITY CONTROLS 22 9.10 System Integrity Controls 22 CHAPTER 1 1.00 SYSTEM DESIGN DOCUMENTATION (SDD) 1.10 Introduction The online store system will allow buying of goods and services from merchants who sell on the Internet. Since the emergence of the World Wide Web, merchants have sought to sell their products to people who surf the Internet. Shoppers can visit web stores from the comfort of their homes and shop as they sit in front of the computer. Consumers buy a variety of items from online stores. In fact, people can purchase just about anything from companies that provide their products online. Hardware, software, and other computer accessories are just some of the hundreds of products consumers can buy from an online store management system. 1.20 Purpose of the SDD The...
Words: 3587 - Pages: 15
...Fundamentals Authors Peggy Fisher (Web Development and Database Administration). Peggy teaches computer science at a rural high school in central Pennsylvania. Indian Valley High School offers courses in programming (C#, VB, and Java for the AP course), and Web design (Expression Web, HTML, JavaScript, and CSS). Peggy worked for a large insurance company outside Philadelphia, Pennsylvania, prior to leaving the corporate world to join the field of education. She has been at IVHS for the past eight years and truly enjoys her new career. Peggy also teaches part-time at Pennsylvania State University in the Continuing Education program. Her goal in teaching is to instill the love of learning so that her students will graduate and become lifelong learners. Peggy is the co-author of the Web Development Exam Review Kit in the MTA Exam Review Kit series. Patricia Phillips (Lead Author and Project Manager). Patricia taught computer science for 20 years in Janesville, Wisconsin. She served on Microsoft’s National K-12 Faculty Advisory Board and edited the Microsoft MainFunction website for technology teachers for two years. For the past five years she has worked with Microsoft in a variety of roles related to K-12 curriculum development and pilot programs, including Expression Studio web design and XNA game development. In her role as an author and editor, Patricia wrote several articles and a student workbook on topics including computer science, web design, and computational thinking. She...
Words: 11425 - Pages: 46