Academic Integrity: tutoring, explanations, and feedback — we don’t complete graded work or submit on a student’s behalf.

Assignment 2 You are still working in the same large organization as a Security

ID: 3734767 • Letter: A

Question

Assignment 2 You are still working in the same large organization as a Security Analyst. The organization is still firmly resolved to develop and install home grown applications using ASP.NET development platform. As a key member of the development team you must be involved in all aspect of application security. Now, when the pilot project is rolled out into production, you are set to deal with several concerns, related to the newly developed code. The pilot application is an e-commerce system, designed to sell home-designed and produced products. Here are the major concerns. You must address these concerns and give a way of resolving them to everyone’s satisfaction: ASP.NET application is using a small credit card processor for credit card sales. Developers, who wrote the bridge with the provider software, decided that it might be easier to store the transaction key in the ViewState because most of the related operations are performed on the same page. The sales personnel reconciling transactions with the bank noticed that some of the transactions were completed successfully but the bank has no record of funds transfer. Your system administration team has invested in the monitoring software, which would alert them if the error occurred in the application. This software is tightly integrated with all windows administration features. However, the architect of the system insisted on using log4net for recording exceptions. The administration software does not work with log4net and another solution may be required. When looking at the database you noticed that user table contains a field for password. The architect of the system claims that the password is properly hashed. However, you noticed that architect insisted on using a proprietary hashing mechanism he learned in school. Can you suggest a better hashing solution using .NET only? Please, explain why it is good. You also noticed that credit cards for the users are encrypted. The problem with this solution is that key is stored in the administration table in the database. The architect tells you that there is a policy to change the key every so often, but you are not at all satisfied with suc Assignment 2 You are still working in the same large organization as a Security Analyst. The organization is still firmly resolved to develop and install home grown applications using ASP.NET development platform. As a key member of the development team you must be involved in all aspect of application security. Now, when the pilot project is rolled out into production, you are set to deal with several concerns, related to the newly developed code. The pilot application is an e-commerce system, designed to sell home-designed and produced products. Here are the major concerns. You must address these concerns and give a way of resolving them to everyone’s satisfaction: ASP.NET application is using a small credit card processor for credit card sales. Developers, who wrote the bridge with the provider software, decided that it might be easier to store the transaction key in the ViewState because most of the related operations are performed on the same page. The sales personnel reconciling transactions with the bank noticed that some of the transactions were completed successfully but the bank has no record of funds transfer. Your system administration team has invested in the monitoring software, which would alert them if the error occurred in the application. This software is tightly integrated with all windows administration features. However, the architect of the system insisted on using log4net for recording exceptions. The administration software does not work with log4net and another solution may be required. When looking at the database you noticed that user table contains a field for password. The architect of the system claims that the password is properly hashed. However, you noticed that architect insisted on using a proprietary hashing mechanism he learned in school. Can you suggest a better hashing solution using .NET only? Please, explain why it is good. You also noticed that credit cards for the users are encrypted. The problem with this solution is that key is stored in the administration table in the database. The architect tells you that there is a policy to change the key every so often, but you are not at all satisfied with suc Assignment 2 You are still working in the same large organization as a Security Analyst. The organization is still firmly resolved to develop and install home grown applications using ASP.NET development platform. As a key member of the development team you must be involved in all aspect of application security. Now, when the pilot project is rolled out into production, you are set to deal with several concerns, related to the newly developed code. The pilot application is an e-commerce system, designed to sell home-designed and produced products. Here are the major concerns. You must address these concerns and give a way of resolving them to everyone’s satisfaction: ASP.NET application is using a small credit card processor for credit card sales. Developers, who wrote the bridge with the provider software, decided that it might be easier to store the transaction key in the ViewState because most of the related operations are performed on the same page. The sales personnel reconciling transactions with the bank noticed that some of the transactions were completed successfully but the bank has no record of funds transfer. Your system administration team has invested in the monitoring software, which would alert them if the error occurred in the application. This software is tightly integrated with all windows administration features. However, the architect of the system insisted on using log4net for recording exceptions. The administration software does not work with log4net and another solution may be required. When looking at the database you noticed that user table contains a field for password. The architect of the system claims that the password is properly hashed. However, you noticed that architect insisted on using a proprietary hashing mechanism he learned in school. Can you suggest a better hashing solution using .NET only? Please, explain why it is good. You also noticed that credit cards for the users are encrypted. The problem with this solution is that key is stored in the administration table in the database. The architect tells you that there is a policy to change the key every so often, but you are not at all satisfied with suc

Explanation / Answer

for hashing use modern hashes that are more secure and fast like BLAKE 2

blake 2 is an excelent hash function that is faster than mkmost of well known fuctions like SHA1, 2 3 or MD family.

it is widely used in many open source libraries like GNU core, noise crypto protocol (used by whatasapp and other messaging services) etc it is documned in RFC 7693.

Related Questions

Assignment 2 (cont\'d), Spr\'18 Name, please: -page 2 THI S PAGE MUST BE COMPLET
Question #195865
Assignment 2 - 100 points Part 1 Assignment Overview In Part 1 of this assignmen
Question #3731385
Assignment 2 - Adding a Deck ---- PLEASE READ ALL Understand the Class and Probl
Question #3878306
Assignment 2 - Adding a Deck ---- PLEASE READ ALL Understand the Class and Probl
Question #3878419
Assignment 2 - Adding a Deck Understand the Class and Problem We continue to wor
Question #3878210
Assignment 2 - Adding a Deck Understand the Class and Problem We continue to wor
Question #3878280
Assignment 2 - Adding a Deck Understand the Class and Problem We continue to wor
Question #3878612
Assignment 2 - C++ Palindrome Description The challenge for this second assignme
Question #3878288

Navigate

Previous
Assignment 2 Write a program in assembly language that asks the user to input tw
Next
Assignment 2 You are the software developer put in charge of helping an online s