{"id":25813755,"url":"https://github.com/formtrix/cs-305_portfolio","last_synced_at":"2026-05-14T15:33:42.507Z","repository":{"id":236393812,"uuid":"485769285","full_name":"Formtrix/CS-305_Portfolio","owner":"Formtrix","description":"Software Security ","archived":false,"fork":false,"pushed_at":"2024-08-28T09:10:26.000Z","size":21766,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-02-16T06:23:54.107Z","etag":null,"topics":["developer-tools","security","software-development","software-engineering","testing"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Formtrix.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-04-26T12:08:04.000Z","updated_at":"2024-08-28T09:10:29.000Z","dependencies_parsed_at":"2024-08-28T10:37:18.177Z","dependency_job_id":null,"html_url":"https://github.com/Formtrix/CS-305_Portfolio","commit_stats":null,"previous_names":["kennedy-u/cs-305_portfolio","imetalh/cs-305_portfolio","formtrix/cs-305_portfolio"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Formtrix%2FCS-305_Portfolio","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Formtrix%2FCS-305_Portfolio/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Formtrix%2FCS-305_Portfolio/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Formtrix%2FCS-305_Portfoli
o/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Formtrix","download_url":"https://codeload.github.com/Formtrix/CS-305_Portfolio/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":241090719,"owners_count":19908005,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["developer-tools","security","software-development","software-engineering","testing"],"created_at":"2025-02-28T02:49:51.629Z","updated_at":"2026-05-14T15:33:42.477Z","avatar_url":"https://github.com/Formtrix.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"# CS-305 Software Security\n\nProjects from CS-305 Software Security.\n\n## Projects\n- Project 1 - [Vulnerability Assessment Report](docs/CS-305%20Project-1%20Artemis%20Financial%20Vulnerability%20Assessment%20Report.pdf)\n- Project 2 - [Practices for Secure Software Report](docs/CS-305%20Project-2%20Practices%20for%20Secure%20Software%20Report.pdf)\n- Certificate Generation - [Certificate Generation](docs/Module%20Five%20Certificate%20Generation.pdf)\n\n### Cert\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"CS-305_Project%202_ssl-server_student/images/cert.jpg\" alt=\"image\"\u003e\n\u003c/p\u003e\n\n\n## Reflection\n\n### Briefly summarize your client, Artemis Financial, and their software requirements. Who was the client? 
What issue did they want you to address?\n\nThe client, Artemis Financial, a financial institution, sought to incorporate additional security layers into their business application codebase, including files and contents.\n\n### What did you do very well when you found your client’s software security vulnerabilities? Why is it important to code securely? What value does software security add to a company’s overall wellbeing?\n\nRefactoring and performing a secondary dependency vulnerability scan on the codebase proved valuable. I excelled in troubleshooting the scan process, including dependency resolution and environment setup. Additionally, I effectively documented the vulnerabilities and the steps taken to mitigate them. Reducing vulnerabilities and security threats enhances the overall security of the software.\n\n### What part of the vulnerability assessment was challenging or helpful to you?\n\n The Maven dependency tool user guide provided guidance on interpreting the report and determining whether a vulnerability is a false positive. While false positives can be suppressed, they must be verified by the analyzer before being excluded from future builds. Handling false positives was challenging due to their high volume during the dependency check.\n\n### How did you increase layers of security? In the future, what would you use to assess vulnerabilities and decide which mitigation techniques to use?\n\nDuring the refactoring and analysis of dependencies, outdated libraries and frameworks were identified. Such libraries are often vulnerable to attacks and can compromise the overall functionality of the software. Consequently, these libraries were updated to their latest patches. To further enhance security, input validation was incorporated into the source code. Additionally, a hash function was implemented to generate hash values (digests) for data. Hash functions are essential for ensuring data integrity and digital signature authentication. 
Penetration testing techniques will effectively identify most software vulnerabilities, and the proposed DevSecOps guidelines will be applied to address any vulnerabilities discovered.\n\n### How did you make certain the code and software application were functional and secure? After refactoring the code, how did you check to see whether you introduced new vulnerabilities?\n\nDuring the refactoring of the codebase, it was systematically debugged to address functional issues and code errors. The `pom.xml` file was carefully analyzed to ensure that each dependency was functional and up-to-date. Following the refactoring, an additional dependency check was conducted to confirm that no new vulnerabilities had been introduced.\n\n### What resources, tools, or coding practices did you use that might be helpful in future assignments or tasks?\n\nMost of the tools I used were research-based. I relied on Stack Overflow to find solutions to environmental setup issues, leveraging insights from other developers and administrators who had faced similar challenges.\n\n\n### Employers sometimes ask for examples of work that you have successfully completed to show your skills, knowledge, and experience. What might you show future employers from this assignment?\n\n  - The implementation of the data encryption.\n  - Implementation of Maven dependency check and its report after and before suppressed vulnerabilities. \n  - CA authorization procedure, implementation and management. \n  - Input validation techniques, as they provide an additional security layer.\n\n\n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fformtrix%2Fcs-305_portfolio","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fformtrix%2Fcs-305_portfolio","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fformtrix%2Fcs-305_portfolio/lists"}