TABLE OF CONTENTS

• OVERVIEW
• THE TEAM
• DOCUMENTS
• PROGRESS + DEVELOPMENT

OVERVIEW

Project: Secure Development Life Cycle

This project is geared towards learning about improving the secure development life cycle with software quality assurance. This team is a group of four ICS427 students dedicated to improving our team work and communication skills, security and privacy policies, understanding of quality and reliable code, penetration testing, and analyzing the impact and severity of bugs within software.

Assignments:

• Task Jeeves

THE TEAM

Four ICS students at the University of Hawaii at Manoa.
Check out our portfolios below!

Darlene Agbayani

• Assignment 1
  • Requirements
    • Security
    • Privacy

• Application Logo

• Assignment 2
  • Footer UI
  • End User License Agreement
  • Privacy Policy
  • Security Policy
• Assignment 3
  • Progress
    • New UI for landing page
    • New UI for sign in page
    • New UI for sign up page
    • New UI for list tasks page
    • New UI for add tasks page
    • New UI for edit tasks page
  • Pending
    • Add information to landing page
    • Change font in navbar
    • Update formatting on terms, security, and privacy pages
    • Fix spacing in task list between the tasks
    • Replace user email in navbar with first name
  • Roles and responsibilities
    • Newly completed
      • UI design
    • Current
      • Privacy and security
    • Next
      • Approving merge requests

Julian Kim

• Assignment 1

• Threat Modeling

• Assignment 2
  • Implementation
  • Approved Tools
    • Static Analysis Tools
• TaskJeeves
  • SignOut Page
• Assignment 3: 06/07/2020 - 06/14/2020
  • Progress
    • Continued progress in implementing functions to the app
  • Pending
    • Miscellaneous UI improvements
    • Ensuring each function works properly
    • Miscellaneous Security improvements
  • Roles and responsibilities
    • Newly Completed
      • Signout page redirect
      • Reviewing pull requests
      • Attack Surface Review
    • Current
      • Ensuring functionality of app
    • Next
      • Security enhancements

Craig Opie

• Assignment 1
  • Document formatting
  • Our Team version of the SDL
  • Sceduled meetings / setup communication channels
  • Quality Gates
  • Risk Assessment
  • Definitions
• Assignment 2
  • Setup GitHub for the Team
  • Created issues for the team
  • Created the two projects in GitHub (M1 and Security)
  • Created the working backbone meteor app
  • Created the GitHub Page
  • Sceduled meetings / setup communication channels
• Assignment 3
  • Progress
    • Made adjustments to the user session to terminate when closing the browser or tab
    • Implemented a new table to store the user information without having to go the same table where the user’s password is stored
    • Implemented bcrypt to hash and salt the passwords to prevent being stored in plain text
    • Implemented regular expressions to check for invalid characters during using input
    • Deployed our web application to https://taskjeeves.meteorapp.com/
    • Deployed Arachni to evaluate our web application’s security
    • Wrote the Dynamic Analysis portion of our report
  • Pending
    • Address the security concerns identified in our Arachni evaluation
  • Roles and Responsibilities
    • Newly completed
      • Approving merge requests
    • Current
      • Evaluating security concerns in accordance with the NVD and using the CVSS v3.1 calculation evaluation
    • Next
      • Removing depreciated pages and references from our web application

Joseph Paragas

• Assignment 1
  • Design Requirements
  • Attack Surface Analysis and Reduction
  • Application Title
• Assignment 2
  • Landing Page UI
• Assignment 3 (06/07/2020 - 06/14/2020)
  • Progress
    • Continuing to work the formatting/design of the user profile page
    • Continuing to work on design of other static pages
  • Pending
    • Edit Profile feature
    • UI for the Edit Page
  • Roles and Responsibilities
    • Newly completed
      • Reviewing Pull Requests
      • Create Profile Page
    • Current
      • User Profile Page design/format
    • Next
      • Edit Page

DOCUMENTS

• Our SDL
• Assignment One

PROGRESS + DEVELOPMENT

Track the team’s progress via Milestones:

• Security
• First Milestone

Task Jeeves is a Meteor application that illustrates:

• A secure web application deployment using Microsoft’s Security Development Lifecycle.
• A task management system that allows users to create tasks for productivity purposes.
• Allows creating new tasks with due dates.
• Allows marking tasks as complete.

The goal of this application is to demonstrate a Meteor development providing a secure directory structure for development and deployment, a set of common extensions to the core framework, and a basic application to implement basic page display, navigation, forms, roles, and collection manipulation.

Back to table of contents