A selection of assignments, artefacts and reflections.
Collaborative Discussion 1: UML flowchart
Task: Choose an open-source UML tool. Select one of the coding weaknesses which have been identified by OWASP and create a flowchart of the steps which may have led to the weakness occurring. Which UML models might you use to present the design of your proposed software, and why are they the most appropriate choice(s)?
Collaborative Discussion 1: Peer replies
Continue the discussion in unit 1. You should choose at least two of your peers' contributions and comment on the weakness they chose, as well as:
- What do you like about their flowchart?
- In what way(s) might it be improved?
Collaborative Discussion 1: Summary
Continue the collaborative discussion in unit 1. Provide a summary of the discussion based on your initial post and the feedback from your peers. This is your 'Summary' post. Agree or otherwise, with reasons, with the contributions and reviews made by other students on the topic under discussion, enhancing your original post.
Blog Post
Task: Some say that people are the biggest risk of cyber security.
Select five terms from ISO/IEC Standard 27000 Section 3 Terms and Definitions and write a 300-word blog post on how people can be managed to overcome cyber security attacks from the inside.
Team Discussion: What is a Secure Programming Language?
Task: You should read Chapters 2, 6, 7 and 8 of the course text (Pillai, 2017) and Cifuentes & Bierman (2019) and then answer the questions below, adding them as evidence to your e-portfolio.
- What factors determine whether a programming language is secure or not?
- Could Python be classed as a secure language? Justify your answer.
- Python would be a better language to create operating systems than C. Discuss.
Draft design document and feedback
A draft of my team's design document for a school Learning Management System application, complete with tutor feedback notes.
Programming language concepts: Recursion
One of the classic programming problems that is often solved by recursion is the Towers of Hanoi problem. A good explanation and walkthrough are provided by Cormen & Balkcom (n.d.); the link is in the reading list. (The code they used for their visual example is provided on their website as well.)
Read the explanation, study the code and then create your own version using Python. Create a version that asks for the number of disks and then executes the moves, and then finally displays the number of moves executed.
- What is the (theoretical) maximum number of disks that your program can move without generating an error?
- What limits the number of iterations? What is the implication for application and system security?
Programming language concepts: Regex
Create a Python program that implements a regex that complies with the rules for UK postcodes – test it against the examples provided.
Exploring a simple Python shell
Review the blogs at Praka (2018) and Szabo (n.d.) and then create a CLI/shell that implements the following:
- When you enter the command LIST it lists the contents of the current directory.
- The ADD command will add the following two numbers together and provide the result.
- The HELP command provides a list of commands available.
- The EXIT command exits the shell.
Collaborative Discussion 2: Cryptography case study - TrueCrypt
Case Study: Read the TrueCrypt cryptanalysis by Junestam & Guigo (2014) (link is in the reading list) and then answer the following questions:
- The (anonymous) TrueCrypt authors have said “Using TrueCrypt is not secure as it may contain unfixed security issues” (TrueCrypt, 2014). Does the cryptanalysis provided above prove or disprove this assumption?
- Would you be prepared to recommend TrueCrypt to a friend as a secure storage environment? What caveats (if any) would you add?
- Present an ontology design which captures the weaknesses of TrueCrypt, and organise them according to their severity.
Collaborative Discussion 2: Replying to peers
Review the comments posted by your colleagues from the previous session. Respond to two of your colleagues’ recommendations, pointing out any concerns you would have in using TrueCrypt.
Collaborative Discussion 2: Summary post
Provide a summary of the discussion based on your initial post and the feedback from your peers. This is your 'Summary' post. Agree or otherwise, with reasons, with the contributions and reviews made by other students on the topic under discussion, enhancing your original post.
Cryptography Programming Exercise
Read the Cryptography with Python blog at tutorialspoint.com (link is in the reading list). Select one of the methods described/examples given and create a Python program that can take a short piece of text and encrypt it.
Create a Python program that can take a text file and output an encrypted version as a file in your folder on the system.
Faceted Data
Read the Schmitz et al. (2016) article about faceted data.
- Do you think this is a good approach to protect systems from data leakage? What are the pros and cons?
- Create a basic outline design of how you would create such a system in Python.
Development Individual Project: Coding Output and Evidence of Testing
A practical development of my program design document for a school Learning Management System.
Microservices and Microkernels: Part 1
Read Appendix A: the Tanenbaum-Torvalds debate in DiBona & Ockman (1999) then read Fritzsch et al (2019).
The forum has a message that says: “Torvalds has been proven wrong and it only took nearly thirty years. Microservices and microkernels are the future.”
- On the forum, post a message either agreeing or disagreeing with the above and give a justification (ideally with an academic reference) supporting your view.
Microservices and Microkernels Debate: Part 2
Read Biggs et al. (2018) and Bucchiarone et al. (2018) as examples of modern views and approaches to the Monolithic vs. Microservices/Microkernel debate.
Post your team’s stance to the forum along with justifications.
My evaluation of the final project (Unit 11) vs. the design proposal (Unit 6)
A reflective piece, comparing the final project with the original design proposal.