Overview
In this assignment, you assess the vulnerabilities of a web application that has been chosen by a company seeking to establish an online presence.
Scenario
Montana Out Door Inc. (MOD) is a provider of outdoor equipment and hunting adventures in Montana. The CEO has decided to pursue a digital transformation designed to support a more robust Internet presence including integrated social media outreach and an online store that integrates with its newly adopted software solutions including HubSpot Suite for CRM, SAP SCM for supply chain management, and Salesforce Service Cloud to support the expansion.
Security is an obvious consideration for this endeavor and you have been asked to assess the security risks of the integration of one of these systems with the Internet and other internal systems. In assignments 2 and 3 you will address integration policies and testing respectively.
Preparation
Choose one of the applications identified in the scenario and research its vulnerabilities and ways to safeguard them. SAP is my chosen application.
Instructions
Consider the scenario and the research you performed on your chosen application and do the following:
Describe 3 significant security vulnerabilities inherent in the software that includes historical security performance data. Cite your sources.
Describe 2 security tools designed to mitigate one of the vulnerabilities. One should be internal to the software and the other a 3rd party solution. Explain how each works.
Evaluate the application’s effectiveness in addressing 5 of the following security elements. Rank each as Excellent, Good, or Weak. Support the rationale for your ranking.
Data encryption
Access control and management
Data retention
Management and processing
System login requirements
Process monitoring and traceability                                                                                                                                                                                                                           Include Mike Harwood and Ron Price’s (2024) book Internet and Web Application Security, 3rd edition, Jones and Bartlett Learning 
Analysis and reconstruction of transactions and events due to adversarial actions (forensic reconstruction)
Integration with the existing Oracle DB