Third-party libraries have been checked for weaknesses #5

@ZoeeeLin

Description

a. What is your security recommendation? Why did you choose it?
I chose “Third-party libraries have been checked for weaknesses” as my security recommendation.
I chose this recommendation because our project relies on third-party APIs (we use the Pexels API to search photos). Ensuring that the libraries we use are free from vulnerabilities is crucial for maintaining the security and integrity of the application.

b. Who does the recommendation benefit (end-user, developer, etc.)?
I believe both the end-user and the developer benefit from this recommendation. For the end-user, it provides a secure and stable application, with no vulnerabilities that may be exploited. For the developer, it helps maintain the integrity of the codebase and reduces the risk of merging outdated or unsupported libraries, which could lead to unreported and unpatched vulnerabilities. These potential issues can result in unwanted side effects, such as making the application more susceptible to security risks or using poorly maintained code.

c. If the recommendation was found somewhere other than the provided checklist, include a link to it.
The recommendation I selected, “Third-party libraries have been checked for weaknesses,” is from the provided checklist, so no external link is required.

d. When would the recommendation have to be implemented (based on how serious the security risk is)?
The recommendation should be implemented as early as possible, ideally during the initial stages of development when third-party libraries and APIs are being selected. This helps mitigate potential security risks from the start.

e. Why do you think your project needs your recommendation?
Because our project relies on third-party APIs: we use the Pexels API to search photos. For this reason, it is better to check whether it can introduce vulnerabilities, either through known security weaknesses or through outdated or unsupported code.

f. How do you think your recommendation could be applied?
The recommendation could be applied by integrating security checks into the development process. Also, I found that we can use tools like Snyk to identify vulnerabilities in our third-party APIs and libraries.
i. How feasible would the implementation be?
The implementation is very feasible since Snyk is user-friendly, supports multiple programming languages, and integrates seamlessly with development tools like GitHub, CI/CD pipelines, and IDEs. It can be integrated into our development workflow.

Here is the link to the vulnerability page for the pexels-api package on the Snyk website: https://security.snyk.io/package/npm/pexels-api
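An added example of what a dependency check like the one described above does under the hood. This is illustration code written for this issue; it is not the project's code and not Snyk's. It reads a package-lock.json object, flattens direct and transitive installs (including nested node_modules paths), matches each installed version against an advisory list expressed as semver ranges, and reports the findings a CI gate would fail the build on. The lockfile, the advisory list, the package names and the EXAMPLE-* identifiers are all constructed for illustration and do not describe real packages or real vulnerabilities; in a real pipeline the advisory data would come from Snyk, `npm audit` or a public advisory database instead of an inline array.

```javascript
// Added example (not the project's or Snyk's code): an offline dependency audit.
// Everything below is CONSTRUCTED for illustration; the package names, versions
// and EXAMPLE-* ids do not refer to real packages or real advisories.

// Constructed package-lock.json (lockfileVersion 3 "packages" shape).
const LOCKFILE = {
  name: "photo-search-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "photo-search-app", version: "0.1.0" },
    "node_modules/example-photo-sdk": { version: "1.4.0" },
    "node_modules/example-http-client": { version: "2.3.9" },
    // transitive install nested under its parent
    "node_modules/example-http-client/node_modules/example-uri-parse": { version: "0.9.1" },
    "node_modules/example-logger": { version: "3.0.0", dev: true },
  },
};

// Constructed advisories: "range" is the vulnerable version range,
// "fixedIn" the first version that carries the fix.
const ADVISORIES = [
  { id: "EXAMPLE-0001", package: "example-http-client", range: ">=2.0.0 <2.4.1", severity: "high", fixedIn: "2.4.1" },
  { id: "EXAMPLE-0002", package: "example-uri-parse", range: "<1.0.0", severity: "medium", fixedIn: "1.0.0" },
  { id: "EXAMPLE-0003", package: "example-logger", range: "<2.0.0", severity: "low", fixedIn: "2.0.0" },
];

// Parse "MAJOR.MINOR.PATCH" into numbers. Prerelease and build metadata are
// dropped; a production tool would use a full semver implementation instead.
function parseVersion(v) {
  const core = v.split(/[-+]/)[0];
  const parts = core.split(".").map((p) => Number(p));
  if (parts.length !== 3 || parts.some((n) => !Number.isInteger(n) || n < 0)) {
    throw new Error(`unparseable version: ${v}`);
  }
  return parts;
}

// Returns -1, 0 or 1 like a comparator.
function compareVersions(a, b) {
  const [pa, pb] = [parseVersion(a), parseVersion(b)];
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// Range grammar: whitespace-separated comparators (<, <=, >, >=, =) that must ALL hold.
function satisfies(version, range) {
  return range.trim().split(/\s+/).every((clause) => {
    const m = /^(<=|>=|<|>|=)?(\d+\.\d+\.\d+)$/.exec(clause);
    if (!m) throw new Error(`unsupported range clause: ${clause}`);
    const [, op = "=", bound] = m;
    const c = compareVersions(version, bound);
    switch (op) {
      case "<": return c < 0;
      case "<=": return c <= 0;
      case ">": return c > 0;
      case ">=": return c >= 0;
      default: return c === 0;
    }
  });
}

// Flatten the lockfile "packages" map into {name, version, path, dev} entries.
// The package name is whatever follows the last "node_modules/", so nested
// (transitive) installs and scoped packages (@scope/name) are both handled.
function collectDependencies(lockfile) {
  const marker = "node_modules/";
  return Object.entries(lockfile.packages)
    .filter(([path]) => path !== "")
    .map(([path, meta]) => ({
      name: path.slice(path.lastIndexOf(marker) + marker.length),
      version: meta.version,
      path,
      dev: Boolean(meta.dev),
    }));
}

// Match every installed package against every advisory for that package.
function auditDependencies(lockfile, advisories, { includeDev = true } = {}) {
  const findings = [];
  for (const dep of collectDependencies(lockfile)) {
    if (dep.dev && !includeDev) continue;
    for (const adv of advisories) {
      if (adv.package === dep.name && satisfies(dep.version, adv.range)) {
        findings.push({ ...dep, advisory: adv.id, severity: adv.severity, fixedIn: adv.fixedIn });
      }
    }
  }
  return findings;
}

// CI gate: fail when any finding is at or above the threshold severity.
const SEVERITY_RANK = { low: 0, medium: 1, high: 2, critical: 3 };
function shouldFailBuild(findings, threshold = "high") {
  return findings.some((f) => SEVERITY_RANK[f.severity] >= SEVERITY_RANK[threshold]);
}

// Stand-alone run: print the report the way an audit step in CI would.
for (const f of auditDependencies(LOCKFILE, ADVISORIES)) {
  console.log(`${f.severity.toUpperCase()} ${f.advisory}: ${f.name}@${f.version} at ${f.path} (fixed in ${f.fixedIn})`);
}
```

The part worth copying into a real pipeline is the shape, not the inline data: the audit runs against the lockfile (what is actually installed), covers transitive dependencies and not just the ones listed in package.json, and the build fails on a severity threshold rather than on a printed warning that nobody reads. Snyk or `npm audit` supply the advisory data and the semver matching; the gate is what the team has to decide on.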
