Completing my coursework throughout the computer science program and while developing this ePortfolio I was able to shape my professional goals and values.
I learned that I enjoy finding solutions to common problems and using technology to make repetitive tasks easier such as creating scripts for my Linux distribution at home and in the workplace.
Throughout this portfolio, I enhanced a single program from start to finish to showcase how I can work from beginning to end on a single project. I took inspiration from a script I created,
located here which was written in a shell language and can be used to create a custom command by entering a symbolic link
in the “/usr/bin/” directory. This simple script and instructions eliminate the repetitive steps needed to update and upgrade a Linux distribution.
As a Sr. Systems Engineer operating within an Agile framework, I know time is important, and delivering value to the customer sooner helps establish a solid collaborative environment.
By automating and scripting repetitive steps you shorten the amount of time required to deliver a usable product by simplifying the process with a script you eliminate time spent repetitively typing,
and the possibility of human error. The simplification of these types of processes inspired me to take it a step further by limiting the possibility of a user error and presenting simple layouts that are
intuitively understandable for an average user.
I once again took this further and ensured that the technical side of my project was also simple and reusable by building custom packages to implement the application’s frontend and backend functionality.
Now the main Python file only requires one function imported from two packages (gui, and db). While working through the application I worked incrementally trying to think of what type of tool or
package would make my experience better when attempting to add new functionality.
Part-2
When collaborating in team environments one of the most significant obstacles is communication. I currently collaborate with other contracts at my current site, and even being in the same building
doesn’t make communication any easier. Documentation is a great way to enhance communication by providing clear and concise descriptions for almost any aspect of a project. A good example of using
documentation is how I use a software description document (SVD) to install software. When any SVD is neglected to be updated there is such a large impact since effort now has to shift focus to figuring
out why something isn’t working properly which wastes time and man-hours.
When communicating with stakeholders we can often build on the documentation we previously developed and tailor it to a new audience. Being able to explain and translate technical
documentation to non-technical stakeholders is fundamental to maintaining a collaborative environment with the customers. This type of communication also greatly contributes to delivering
value to the stakeholder sooner since this allows them to provide a status report to their management.
While developing software it is important to address many different components such as data structures and algorithms, databases, and security.
One of the most important aspects is security and it should not be forgotten about. Data structures and algorithms need to be properly optimized since security will create a slight trade-off
for the software’s development. Extra steps should be made so that adversaries cannot exploit the software architecture such as with buffer overflow and underflow, and SQL injection that can
allow a user to gain unauthorized access to sensitive data. We also need to ensure that the application is still usable so defense in depth is a great way to secure any technology that uses
sensitive information such as banking software.
The same security mindset applies to databases since you do not want any sensitive information stored in plain text within a database.
What’s great about using a database is that sensitive information doesn’t have to be stored in memory. An experienced threat actor could exploit memory and find any cookie crumb of sensitive
information within memory even if it’s stored for a short amount of time.
Summary
In this portfolio, I enhanced a single artifact based on a legacy binary application that I reverse-engineered for a previous artifact, and ported into C++. Throughout these enhancements I:
Employed strategies for building collaborative environments that enable diverse audiences to support organizational decision-making in the field of computer science by completing the
following enhancement 1, and enhancement 2 by using docstrings throughout my custom packages as documentation and communication.
I can inform non-technical audiences how the package works, and how it is used throughout the application.
Each function also contains a docstring for any developers looking to enhance or customize their version of the application utilizing the packages.
Designed, Developed, and Delivered professional-quality oral, written, and visual communications that are coherent, technically sound, and appropriately adapted to specific audiences and contexts
by completing the following Code Review which is a video code review describing the status of the current artifact and planned enhancements, along with enhancement 1
documentation and in-link code commenting.
I also ensure naming conventions make sense throughout the enhanced artifact such as gui, db, and auth.
Designed and Evaluated computing solutions that solve a given problem using algorithmic principles and computer science practices and standards appropriate to its solution,
while managing the trade-offs involved in design choices by completing the following enhancement 2 by improving the time complexity of the artifact, and the main function.
Demonstrated an ability to use well-founded and innovative techniques, skills, and tools in computing practices to implement computer solutions that deliver value and accomplish industry-specific
goals by completing the following enhancement 1, and enhancement 3 by porting the artifact to Python, creating a custom package,
and using existing modules to implement database operations.
Developed a security mindset that anticipates adversarial exploits in software architecture and designs to expose potential vulnerabilities, mitigate design flaws, and ensure privacy and enhanced security
of data and resources by completing enhancement 1enhancement 2, and enhancement 3 by parameterizing
database operations to prevent SQL injection, and porting into Python to take advantage of the programming language automatic memory management.
I also ensured sensitive information such as the user password is not stored in memory at any given time and is properly salted and hashed before being stored in the database.
The artifact I chose to enhance is a reverse-engineered investment application.
The original artifact was created on 23 August 2024 and was meant to demonstrate my ability to reverse engineer a legacy application and convert it into a C++ application.
The C++ application demonstrated login-type functionality, where users had to authenticate themselves before displaying some (simulated) data.
Showcasing this artifact demonstrates my ability to reverse engineer a binary executable and convert it into a more modern programming language.
I decided to further enhance the functionality of the C++ application by porting the application into Python to take advantage of the robust library of existing modules and create a
UI design for this login screen. Additionally, I created the application modularly so that further enhancements can be made efficiently. The original application was a single
C++ file with a couple of security vulnerabilities due to the nature of the C++ programming language.
I met the course outcomes I planned to meet with this enhancement. My goal is to simplify the application’s process and user experience.
Turning a console application (only executed within a terminal) into a login screen limits the possibility of adversarial exploits, creates a better experience for the user,
and looks more professional. With this first enhancement, I demonstrated an ability to use well-founded and innovative techniques, skills, and tools in computing practices to implement computer
solutions that deliver value and accomplish industry-specific goals by implementing a modular software architecture, introducing custom Python packages, utilizing database technology,
and taking advantage of Python’s built-in libraries and input handling capabilities.
As I was creating the Python packages for each functionality present within the application such as authentication, and database operations
I realized how complex this process can become if you don’t pay attention. Python’s simple syntax is deceptively confusing when you begin to oversimplify naming conventions.
One challenge I faced was that I wasn’t sure how to navigate the different custom packages within the main() function. Adding too much into the main function could quickly devolve
the simplicity I was aiming for.
Enhancement #2: Algorithms and Data Structures
The artifact I chose is a login portion of a console application derived from a legacy investment application.
The original binary was disassembled, analyzed, and converted into a C++ console application.
For the legacy application, a user had to log in using a username and password to validate credentials and gain access permission to some investment data.
This artifact was created on 23 August 2024 to demonstrate my ability to reverse engineer legacy applications into a modern coding language.
I chose to use this artifact because I discovered a lot of security vulnerabilities while analyzing the assembly code of the binary file.
Securing these vulnerabilities for the C++ conversion added complexity to the original application and increased time complexity to be a trade-off since user input had to be validated (to prevent possible exploits).
A loop continuously evaluating user input caused the time complexity to be O(n) at its best case and O(n*m) at its worst.
Porting this login application into a Python application that uses Tkinter (a C library for graphics) is a great
demonstration of my ability to understand a software application's overarching use cases while implementing them into a user interface (UI).
Implementing a UI for the application makes it easier to understand and appears more professional than a command-line application.
During this enhancement I demonstrated my ability to design and evaluate computing solutions that solve a given problem using algorithmic principles
and computer science practices and standards appropriate to its solutions while managing the trade-offs involved in design choices by improving the time complexity of user validation processes within the application.
Secondly, I employed strategies for building collaborative environments that enable diverse audiences to support organizational decision-making in the field of computer science by
utilizing docstrings throughout my Python files which can be used as documentation for the application.
Including technical information describing each function with docstrings allows other developers to understand and enhance the existing code
in the future without having to directly interface with the originator.
While working through this enhancement process I learned a few tools and concepts. While porting to Python and using existing libraries, I learned about Python's “help()” function.
Although unfamiliar with Tkinter (a C-based Python library), I was able to use the help function within a Pycharm terminal to find resources and functions to use during development.
I also learned more about standard Python practices, such as namespace checking and utilizing “__init__.py” files to limit access to the custom package code. The biggest challenge I faced was using a
new tool in a way that wasn’t explicitly documented within that library’s resource documentation. My personal goal with this project is to maintain simplicity for both technical
and non-technical aspects of the application, which is a challenging balance.
This is the auth package docstring being used with the built-in Python help() function within a terminal.
Enhancement #3: Databases
For this third enhancement, I further enhanced the login screen for the Python application. The original binary was converted into a C++ console application designed based on the inferences
of the assembly code of the binary executable. It would simply verify user access permissions, and display information.
The new artifact was created on September 27th, 2024, where I was able to enhance it into a fully functional login window after porting the application into Python.
I initially chose this artifact to reflect on security since the original executable had many vulnerabilities.
After working on the enhancement of this one artifact I see now that it provides a lot of opportunity to showcase what I learned in Computer Science.
The UI of the application demonstrates how I can design an application with the user in mind.
The simple straightforward appearance showcases my ability to demonstrate well-founded and innovative techniques,
skills, and tools in computing practices to implement computer solutions that deliver value and accomplish industry-specific goals.
I improved docstrings to explain each file thoroughly so that any other developer would have an easier time tracking each component of the application’s files.
Once documentation was completed I implemented a database, and hashing so that user credentials are securely stored in a database. I ensured that the username could not be duplicated and that all passwords were encoded,
hashed, and salted before storing them in the database. No passwords are stored in memory to maintain a security mindset that anticipates adversarial exploits in software architecture and design to expose
potential vulnerabilities, mitigate design flaws, and ensure privacy and enhanced security of data and resources.
I met more outcomes in this enhancement than I anticipated. My enhancement for the database category included using SQLite3 to create a user database for storing user credentials,
hashing passwords, parameterizing database queries to prevent SQL injections, and improving docstrings and in-code documentation. These enhancements met the three-course outcomes that I previously stated.
My current plan is to keep polishing documentation, and functionality, and deliver this project in an organized and timely manner.
As I completed and improved the artifact I learned about the importance of accurately abstracting functionality, and how to ensure sensitive data is secured throughout the code-base.
First I implemented the hashing function and tested it to ensure I knew how to encode and decode without storing the plain-text password in memory.
The biggest challenge I faced was implementing this hashing embedded into the logic of the login screen.
I found that having functions with similar names made it extremely confusing especially when I would nest a function within another.
One example would be when I embedded the hashing function into the verify function, I unintentionally encoded the password twice when verifying the credentials with what was in the database.
Abstracting functionality is great, and Pythons’ simple syntax makes working with it extremely pleasing. There is a limit to the simplistic syntax once you do it too much.
To prevent having to change multiple calls throughout my code I eventually renamed the function and refactored it to fit the logic I was aiming for.
