Secure Software Development

Developing an API for a Distributed Environment

Unit 9

Welcome to Week 9. This week is important from the perspective of gaining practical Python development skills which will support your summative assessment. During this week’s materials, you will create an API, and using that API, you will experiment with creating and reading records.
Knowledge of the Python libraries will continue to be built upon this week and will now be harnessed to create an API through which a system can be built to perform file management. Before this, on the back-end side of development, students have been shown how to create secure software through the application of good coding practices. Skillsets will now be expanded to access the back-end code through a user interface (UI).

Outcomes

  • Summary of the learning outcomes

This unit aims to:

  • Create an API and use it to create and read records
  • Become familiar with the capabilities of Python’s flask library
  • Design an ontology which can be used in standardised service deployments
  • Artefacts

    The projects of the unit to achieve those learning outcomes:

    No projects were elaborated in this unit.
  • Reflection

What exactly have I learnt and how?

Instead of using the Flask library, I am developing my skills in Django since it is more suitable for me. It comes with a huge package, and it is a full-stack framework. Since I aim to become a full-stack developer, I will learn one thing before jumping into another tool, like Flask. Of course, Flask is an API framework, but Django comes with API libraries like REST Framework or Ninja. So it depends on the use case which framework is the best. However, I will go with Django since it has all I need. In the future, I will use the Django library REST Framework for building APIs. Beyond that, the team has been working hard on the development assignment. I was in charge of creating the homepage and the admin page. Django already has an admin page; however, I modified it and connected it with the style of our homepage. While creating it, I learned more about the Django framework and how it is built. It is not usual to override the admin page, but with tutorials and help from the Django documentation, I could customize the admin page. Furthermore, I learned more about Bootstrap Studio by creating the homepage. Thereby I acquired more skills in CSS, HTML and Jinja2. In the notes section below, I add screenshots from the homepage and admin page.
  • Notes

Notes from the elaboration of the unit, various meetings, and feedback from team members and tutors

Here are a few insights from the homepage and admin page:
  • Homepage

  • Admin Page

  • Administration Login

  • Reply to a student on the collaborative discussion 2 topic: "TrueCrypt - not recommended! (Initial post)"
    TrueCrypt cryptanalysis by Junestam & Guigo (2014) evidently shows that there are a number of vulnerabilities ranging from high-severity to low-severity and informational ones. From my point of view, the most important vulnerabilities that TrueCrypt is susceptible to are:
    1. Volume Header key derivation algorithm
    2. Sensitive information might be paged out from kernel stacks
    Because an attacker can easily access the keys and decrypt the volume by performing a brute-force or a dictionary attack by exploiting these vulnerabilities. Even though, as demonstrated by Davies (2014), using a strong password with a salt of 2^512 increases the time required to carry out a brute-force or a dictionary attack, the aforementioned vulnerabilities are still worrisome considering that the project has not been maintained since 2014 and there are no recent studies which prove TrueCrypt is still a secure option.
    As a result, I wouldn’t recommend TrueCrypt to a friend. However, if a friend of mine has to use it, I’d advise him/her to set a strong password in combination with a salt of 2^512 to decrease the possibility of a brute-force attack, as mentioned above.
    Here is an ontology I created for the vulnerabilities mentioned above:
    - Post by Gianluca Cannone:
    Hello Student,
    I agree that TrueCrypt is not secure and, accordingly, not recommended. Even though there are certain aspects (see my post on TrueCrypt) in which TrueCrypt is still great for encryption, the fact that it has not been maintained since 2014 is the most significant reason why we can no longer trust TrueCrypt.