Your task is to draw a dataflow diagram for the following web application. Application Description: The...

   

Transcribed Image Text:

Your task is to draw a dataflow diagram for the following web application. Application Description: The web application is portal for performing static code analysis of software. The users of the application are software developers (who want to analyse their code), their managers, and administrators (of the web application). The users are authenticated using a cloud based active directory server which manages their identities. The software developers can upload their code to the webserver and perform a static code analysis (which is run in the application server) on the portal, view the analysis reports (scan results stored in the database) and prioritise the vulnerabilities to be addressed and resolve the fixed vulnerabilities (stored in the database). The software developers can also use their own IDEs to interact with code analyser via the web services API and perform the static code analysis. Their managers can view the vulnerabilities reported by the scan tool, view the progress made by the development team in fixing the vulnerabilities. The administrators can manage the whole web application. Client Third party Apps Internet Internet Web servered in the cloud Internet Code Scanner Application server Web services Organisation's Datacenter Internet Database server Cloud based Active Directory Further to the DFD include the STRIDE threat analysis in the form of the table given below. Threats Spoofing Tampering Repudiation Information disclosure Denial service Elevation of Privileges List of threats and their impacts Mitigation Your task is to draw a dataflow diagram for the following web application. Application Description: The web application is portal for performing static code analysis of software. The users of the application are software developers (who want to analyse their code), their managers, and administrators (of the web application). The users are authenticated using a cloud based active directory server which manages their identities. The software developers can upload their code to the webserver and perform a static code analysis (which is run in the application server) on the portal, view the analysis reports (scan results stored in the database) and prioritise the vulnerabilities to be addressed and resolve the fixed vulnerabilities (stored in the database). The software developers can also use their own IDEs to interact with code analyser via the web services API and perform the static code analysis. Their managers can view the vulnerabilities reported by the scan tool, view the progress made by the development team in fixing the vulnerabilities. The administrators can manage the whole web application. Client Third party Apps Internet Internet Web servered in the cloud Internet Code Scanner Application server Web services Organisation's Datacenter Internet Database server Cloud based Active Directory Further to the DFD include the STRIDE threat analysis in the form of the table given below. Threats Spoofing Tampering Repudiation Information disclosure Denial service Elevation of Privileges List of threats and their impacts Mitigation

Answer rating: 100% (QA)

Since Im not able to create visual content like diagrams Ill explain to you how to approach the drawing of a data flow diagram DFD for the web application and then how to fill out the STRIDE threat an... View the full answer