CTCH 685 9040: Unit 8 Assignment: Software Security Lab

Exercise 1: Differentiate software components that adhere to functional requirements while safeguarding against security vulnerabilities.

  1. Complete the Software Security hands-on exercises.
  2. How can Docker be used to isolate and secure individual software components of MedPeople’s web application to meet both functional and security requirements?
  3. Explain the role of WebGoat in identifying secure versus insecure software components in the context of MedPeople’s web application. How does setting up WebGoat using Docker aid in understanding these security differences?
  4. Considering MedPeople’s need to secure patient data, how do the exercises in WebGoat Developer Tools help in differentiating between functionality and security in web applications?

Exercise 2: Conduct automated code reviews to proactively identify and rectify software vulnerabilities.

  1. How effective are tools like OWASP ZAP and Burp Suite in automating the code review process for MedPeople’s web application to identify vulnerabilities?
  2. What are the benefits and limitations of using automated scanning tools for MedPeople’s web application for code reviews?
  3. In what ways can WebGoat HTTP Basics Interception enhance the identification of vulnerabilities during automated code reviews of MedPeople’s web application?

Exercise 3: Prioritize programming choices and library use in the context of software security.

  1. Discuss the impact of library selection on the security of MedPeople’s web application. How do resources on setting up WebGoat and understanding its purpose inform these decisions?
  2. How can the lessons learned from setting up WebGoat and WebWolf be applied to prioritize security in programming practices for MedPeople’s web application?
  3. Evaluate the security implications of different programming techniques and library integrations in MedPeople’s web application.
Exercise 4: Implement comprehensive security assessments to enhance the robustness of software against identified vulnerabilities.

  1. How would you conduct a security assessment to identify and mitigate insecure direct object references (IDOR) vulnerabilities in MedPeople’s web application?
  2. What strategies can be implemented to strengthen security assessments in MedPeople’s web application against missing function level access control (MFLAC) vulnerabilities?
  3. How can the use of Chrome Developer Tools enhance the effectiveness of security assessments for MedPeople’s web application?

Exercise 5: Reflect on the course topics through interview-style questions.

  1. Using what you have done in this course, answer the following practice interview questions:
    1. Can you describe a specific instance where you produced software components that satisfied their functional requirements while ensuring they were free from vulnerabilities? How did you apply secure programming principles in this scenario?
    2. How have you utilized automated code review tools like OWASP ZAP or Burp Suite to identify and rectify software vulnerabilities in a web application? Can you provide an example that demonstrates your understanding of secure software fundamentals and how you mitigated vulnerabilities introduced by using external libraries?
