Flick Critik

In my ICS 427 class, I was part of Team Splendor and we made a movie rating and reviewing local web app called Flick Critik. This web app allows users to rate and review movies that are in our database. We had the home page, an account system for signing up / in / out, separate pages for each movie as well as a page that contained the list of movies, and the ratings & reviews page. This project was also designed with the Secure Development Lifecycle (SDL) in mind. Every week, we would write weekly reports and continue to follow the SDL to ensure that our project was secure. We were able to ensure that our project was secure by following all of the parts of the SDL such as dynamic analysis, static analysis, etc…

For this project, the main parts that I worked on were the ratings and reviews page. I had done this before in a previous project so the code was a little similar. However, the usage of that code was a bit different from this one so I had to transition that old code into a newer version. Within these pages, it gave users an option to rate the movies on a scale of 1-5 and review the movies by leaving comments as to what their thoughts on the movies were. These comments would then show up for other users to see so they can get a sense of what the movie was like.

Overall, from this experience, what I learned was not necessarily how to code the program as it was something similar to what I had previously done (although it did help refresh my memory of the concepts), but how to go through the Secure Development Lifecycle and enact it throughout the coding process. By following the Secure Development Lifecycle, we were able to secure our program through the various methods and we got a sense as to what cybersecurity computer scientists have to do in order to secure their programs. Although this is just scratching the surface, I still feel like we got a good grasp on the world of cybersecurity and how it works in the coding process.

You can find the repository for our project here.

Here is the link to our reports that followed the Secure Development Lifecycle. We explain in depth what we did throughout the project in each week and how we tested everything along the way in order to ensure the security of our program.