--- June 14 - Sep 15, 2022 ---

Secure Software Development

Team meetings were held on a weekly basis during the development of the team project. Slack was used to manage team work and document the conversations and discussions. A copy of the meeting minutes and action points is shown below.

Meeting #1 (27.06.22):

Minutes:

We discussed which programming language/ app development platform to use:

Flask and Python were preferred, based on group members’ experience (Django could be possible).
Djordje suggested using Firebase as the platform – specifically the Cloud Firestore – as a simple solution to build a database and connect frontend.

Mohammed had made a summary of the brief to break down the requirements clearly:

We discussed choosing the domain and the assessing domain-specific requirements – Djordje mentioned that it was possible to use Heroku.com or AWS to assess the requirements
We collectively decided that the Dutch Police Internet Forensics domain was the most appropriate for the project

To keep track of meeting progress, Djordje suggested we start a Jira workspace, in a similar approach to SCRUM
We collectively decided we need to clarify what is expected in terms of use of programming languages/ concurrent events / the microservice application version

Action Points (to complete by 04.07.22):

Djordje Savanovic: Clarify project brief requirements with Dr. Peoples: which programming languages can be used, which platform to use, what is expected for the microservice version etc.
All: look into the detailed system requirements and assumptions for the domain (Dutch police internet forensics) – remember to make a note of all references used
Start a Jira workspace? (Volunteer needed!!!)

Aims for the next meeting:

Settle all questions regarding program languages and interpretation of the brief.
Finalise system requirements, design decision and approaches.
Have a first idea of security risks and vulnerabilities.
Next week we will define UML diagrams required and split the work.

Meeting #2 (04.07.22):

Minutes::

Djordje updated us on the tools that we will be using for the application. These are:

Front end : Reactjs
Databases: Firebase Realtime except for documents and images will be saved to Firebase cloud.
Event monitoring :Firebase events

Djordje mentioned that we received a positive feedback form Dr. peoples regarding how we are going to implement the application.

We discussed that Firebase products will be able to handle most of the application requirements natively including user registration, authentication, storage.

We agreed that data security should be implemented as the following:

Using HTTPs for data transmission.
Encrypting sensitive data that will be identified at the design stage.

We discussed that meeting the GDPR requirements may not be necessary as this application will be for police internal use. However, this will be verified once the application specifications are finalized.

Action points:

Write a list of specifications and share them on Slack for feedback and refinement.
Prepare UML drafts and share them on Slack. The chosen UML drafts were:

Flowchart
Sequence diagram
Activity diagram

Rachel will share a template for the Design document on google docs for group work.

Meeting #3 (11.07.22):

Minutes:

Djordje gave us an update about his search for the encryption methods available for the Firebase database. He will continue his search to find a way to decrypt the data.
We worked on a sitemap for the web application using https://app.diagrams.net.
We agreed on the user types to be as the following:

Super admin/admin be responsible for adding the cyber specialists to the system internally without a registration form.
Cyber specialists will be responsible for adding new reports or working on publicly submitted reports.

Djordje shared a link on how to build an app using ReactJS and Firebase Realtime Database.

Action points ( To be completed before the next meeting)

Djordje will continue searching for the required implementation details of our project.
Roberto will work on a use case diagram for the whole application.
Mohammad will work on an Activity diagram for adding reports.
All team members will be sharing feedback on the diagrams.
All team members will be working on the Project proposal google doc.

Meeting #4 (18.07.22)

Minutes::

Djordje informed us about the data encryption solution and testing framework that he found suitable for our project:

Encryption : Crypto JS library that uses AES.
Testing: Jest framework.

We finalized the UML diagrams.
We also reviewed the design document draft that we will send to Dr. Peoples for approval.

Action points:

Update the UML diagrams.
Add them to the design document.
Mohammad will send the design document draft to Dr. Peoples on 19/07/2022.
Djordje will create a GitHub repository for our projects and share it with the team members.
We will start system implementation after the design is approved.

Meeting #5 (08.08.22:

Minutes:

We discussed the implementation progress. Djordje demonstrated the basic features of the application that were completed so far including:

Private routes.
The public route for adding public reports.
Adding reports, authorities, and IT Updates.
Viewing list of reports, authorities, and IT Updates.

Action points:

Create tests using the Jest testing framework.
Create form validations using Formik.
Try to include more security layers including:

Two factor authentication
Data encryption.

Nicholas will provide us with test data to work on in the next two days. (edited)

Meeting #6(22.08.22)

Minutes::

We discussed the implementation progress including adding tests and from validations.Djordje presented the outline of the presentation for out team project that will take place on Thursday.

Action points:

Add more tests.
Add more comments to the code.
Djordje will share the presentation with us for team collaboration.
Edit the readme file by adding more details about:

Testing.
The user guide.
The python API example.

Test application scenarios that include producer-consumer concurrency.