19 Oct You recently took a position as a cybersecurity analyst for a small software company. The software company currently has three commercially available off-t
IT544-2: Analyze the cybersecurity software development life cycle (SDLC).
Scenario
You recently took a position as a cybersecurity analyst for a small software company. The software company currently has three commercially available off-the-shelf software products that are sold to businesses and/or organizations (B2B). They can range from small companies to very large companies, including those in the Fortune 500. One of their products has been identified by CERT to have several vulnerabilities. Since this event occurred, the chief cybersecurity officer (CCSO) suspects that not enough security is built into the software development process used at the company. You have been asked by the CCSO to conduct a cyberattack surface analysis on one of their Web-based products in an effort to improve the software development process.
For the assignment, assume that the presentation layer resides on a dedicated server in the company’s DMZ. The other two layers of the software are behind the corporate firewall and can reside on one or two dedicated servers. The Web application is accessible from the Internet and is browser based. Firefox, Chrome, Internet Explorer, and Safari are the supported browsers.
Assignment Instructions
For Assignment purposes, select a multi-layered (presentation layer, business layer, and database layer) web-based open source project in place of the software company’s web-based product. In place of the open source project, if you are familiar with another web-based system that meets the requirements, then discuss using it with your instructor.
Examples of multi-layered open source projects/products include:
- Office Libre
- Mozilla Firefox
- GIMP (for web development)
- Audacity
- WordPress
- MySQL
You will conduct a cyberattack surface analysis on the system/application you selected. Focus your analysis from an external cyberattack point of view. It is not necessary to focus on end user cyberattacks (social engineering attacks, etc.).
- Define the cyberattack surface (including operating systems and web servers) by identifying and mapping the cyberattack vectors.
- Categorize what was identified
- Describe three use cases that involve the attack surfaces
- Create a graphic representation of the attack surface with labels (Use Visio or any other open source diagramming or drawing tool).
- Discuss how the attack surface can be reduced.
Your attack surface analysis can be done mentally and on paper or you can use an open source attack surface analyzer (OWASP’s Zap is one example).
Assignment Requirements:
- 3–4 pages of content (exclusive of title page and reference page), double-spaced in 12pt Times New Roman font, using correct APA formatting and including a title page and reference page
- At least one credible source.
- Correct spelling and grammar.
- Correct APA formatting.
Our website has a team of professional writers who can help you write any of your homework. They will write your papers from scratch. We also have a team of editors just to make sure all papers are of HIGH QUALITY & PLAGIARISM FREE. To make an Order you only need to click Ask A Question and we will direct you to our Order Page at WriteDemy. Then fill Our Order Form with all your assignment instructions. Select your deadline and pay for your paper. You will get it few hours before your set deadline.
Fill in all the assignment paper details that are required in the order form with the standard information being the page count, deadline, academic level and type of paper. It is advisable to have this information at hand so that you can quickly fill in the necessary information needed in the form for the essay writer to be immediately assigned to your writing project. Make payment for the custom essay order to enable us to assign a suitable writer to your order. Payments are made through Paypal on a secured billing page. Finally, sit back and relax.