Unit 12

SECURE SOFTWARE DEVELOPMENT REFLECTION

Secure software development proved to be the most difficult yet rewarding module so far in the postgraduate computer science program. My aims for this module were to gain a comprehensive understanding of secure software development practices and to understand the fundamental concepts and best practices used to develop truly secure software.

From the start of this module I was excited to develop my skills in this area, in which I had no experience so far. I was looking forward to being able to identify and mitigate the risks associated with software development. I hoped that I would be able to fully gain the skills taught regarding critically analysing development problems before starting a project to better plan for future risks, as well as critically evaluating solutions that are created.

The initial briefing of the module introduced numerous topics that seemed very challenging, such as cryptography and regex expressions. However, the most daunting task personally was working as a team for the summative tasks, primarily due to the online nature of this course and my lack of experience. I was very nervous about working with a team as I had doubts as to how I would effectively contribute to the success of the team. This was also my first time working in a group for computer science, so naturally I was unsure of what the usual working practices would be.


This module began with a clear introduction of best practices, with the discussion forum and the analysis of the OWASP Top 10 and ISO/IEC standards. These helped to ensure that potential vulnerabilities were always being prevented throughout all stages of development.

I found regex and cryptography to be the most difficult concepts for me to understand. Both of these involved complex algorithms that I was unfamiliar with beforehand. The regex syntax was extremely complicated and applying this for my regex postcode program proved to be one of the most difficult tasks of the module. After finally grasping these topics I found this to be very rewarding. I personally found the concept of cryptography to be the most interesting of the module. I would have liked to have applied these concepts to our team project but unfortunately, I learned these skills too late in the development process.

The accumulation of all the other artefacts and concepts helped greatly throughout the development of the summative projects; this helped me gain more practical experience and a more in-depth understanding of making secure software.

The development of the summative projects went mostly as I expected it to. We worked well together as a team with regular communication throughout, and we made very good progress early on. However, as the project went on we did start to slow down midway through, which made the final stages of the development tough. Some aspects of team working did prove to be challenging, especially the distance, as our group had members from all different continents around the world. The time zone differences and the inclusion of jobs and other responsibilities made proper regular meetings impossible for us. Therefore, we chose to communicate frequently through Teams chat and had a shared GitHub repository where we would make amendments to the to-do lists. We would update each other on progress with Microsoft Teams chat. This proved to be an effective working system, but did create some areas where progress was slow. Personally, I am happy with my contributions to the project. I was able to effectively implement the different user roles into the IDA system. This required an understanding of the CRUD concept as user roles included editing, creating, deleting records of data and other users in the case of the admin. Moreover, setting up the SQLite database for logging was another vital activity for my personal development due to this being a program I had never utilized before. Although I was initially very nervous about working with a team, I am happy that I was able to complete my tasks and contribute to the success of our project. In hindsight I do wish that we as a group focused more on the different security elements and testing rather than mainly on the functionality of the program.


As of the completion of this module I can now confidently say that I can identify and reduce security risks or data breaches for software. Also, I now have a deeper understanding of the industry standards that are expected when developing secure programs. For future implications, the topics of monolithic and microservice architecture seemed to provide very useful experience into an extremely important and growing area of computer science that I believe will help with my professional development.

The team working activities of the module did prove to be difficult. However, during this reflection stage I now see the benefits of this type of project as useful experience for working with people abroad from various different ethnic and cultural backgrounds. The team activities also noticeably improved my project management abilities, keeping track of progress of a multifaceted project while managing the input and workflow from other members. This will be vital experience for developing my professional communication and management skills.

Finally, the development of my e-portfolio and the numerous reflections have provided me with both a revision of concepts and a deeper appreciation of the paradigm of secure development. I personally now believe that secure software development practices should be learned by all developers to ensure the safest possible programs to combat the growing threats to cyber security.