Analyze how advanced security concepts are applied to develop secure code
CS 305 Vulnerability Assessment Process Flow Diagram Text Version
Vulnerability Assessment Process Flow
A filled-in circle denotes Start, with an arrow pointing toward a box labeled Architecture Review.
Architecture Review: Analyze application architecture
An arrow points from Architecture Review toward a box labeled Input Validation.
Input Validation: Secure Input and Representations
An arrow points from Input Validation toward a box labeled APIs.
APIs: Secure API Interactions
An arrow points from APIs toward a box labeled Cryptography.
Cryptography: Encryption Use and Vulnerabilities
An arrow points from Cryptography toward a box labeled Client/Server.
Client/Server: Secure Distributed Composing
An arrow points from Client/Server toward a box labeled Code Error.
Code Error: Secure Code Handling
An arrow points from Code Error toward a box labeled Code Quality.
Code Quality: Secure Coding Practices/Patterns
An arrow points from Code Quality toward a box labeled Encapsulation.
Encapsulation: Secure Data Structures
An arrow points from Encapsulation toward a box that states “Architecture review and optional output from static testing will determine which manual code reviews are necessary.”
Arrows point from the box stating “Architecture review and optional output from static testing will determine which manual code reviews are necessary” to each of seven boxes labeled Code Review.
Code Review: Views
Code Review: Models
Code Review: Controllers
Code Review: Data Access
Code Review: Services
Code Review: Plug-Ins
Code Review: APIs
Arrows point from each of the seven boxes labeled Code Review to a box that states “Summary of findings with mitigation plan”.
An arrow points from the box stating “Summary of findings with mitigation plan” to a filled circle that is outlined by a larger circle, which denotes Stop.