--- June 14 - Sep 15, 2022 ---

Secure Software Development

--- March 30, 2022 ---

Cryptographic Failures

Communication Diagram

--- July 27, 2022 ---

Development Team Project: Dutch National Cybersecurity Center

Design Document

Open in a New Tab

Tutor's Feedback
Overall comments
Positives
  • Reference made to OWASP from our module materials, helping to position your work within the wider field.
  • A well detailed use case model demonstrates expertise in this aspect of UML. I would have liked to have seen it showcased earlier in the report.
Negatives
  • The assessment specification requests that one of three domains are used as case studies around which your code development will be structured, however, unfortunately, one of these domains has not been selected.
  • There are opportunities in places to make the UML more precisely defined and to exploit it more fully in its capability for representing a scenario.
  • I would like to see some greater justification for the decision to use 3rd party tools than the fact that they will make the development process quicker. The goal of this assessment is to examine your knowledge and understanding of security practices as a priority, and without this specific detail, there is less of an opportunity to assess this.
Overall Grade

Pass.

--- August 25, 2022 ---

Development Team Project: Dutch National Cybersecurity Center

Presentation

Tutor's Feedback

While the presentation in itself does not contribute to your overall grade for Assessment 2, I want to commend you on the high level of performance during it. The code was effectively discussed, and questions were answered in a manner which demonstrates great familiarity and understanding of the development. All members of the team were present during the session (there may have been greater sharing of the presentation communication between team members). Excellent demonstration of time management, which comes through effective preparation and planning. Well done, Team 3.

Tutor's Feedback on the Coding Output

Overall Comments
Positives

An excellent range of security-related capabilities have been deployed, and are verified as being operational through the automated testing applied.

Points for development

I feel there is greater opportunity to prepare your code for an independent person, in the sense of someone who has not been involved in the development of it. In this, I am referring to both the organisation of the code when named and packaged into folders, the naming of the files, and the commenting applied through the scripts. When executing useEffect() in Navbar.js for example, this could instead be described as useThisEffect() to help to make it more explicit.

Overall Grade

Excellent - Distinction

Self Evaluation of the Coding Output

In my opinion, our team was able to satisfy all the specifications presented int the design document. We didn't provide a direct functionality that enables users of the general public to delete personal information to comply with the GDPR. However, this is doable by the super admin of the application upon request. Other functionalities are private and designed to be used by logged in cybersecurity specialists who deal with suspected cases of cybercrime which entitles them to collecting all possible information to protect country and everybody from such attacks (ico.org.uk, 2021).

Reference

ico.org.uk. (2020). The right to erasure and the right to restriction . Available from: https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-le-processing/individual-rights/the-right-to-erasure-and-the-right-to-restriction/ [Accessed 10 July 2022].