Michelle was born and raised on the island of Oahu. She is currently attending University of Portland studying Computer Science. Michelle plans to work in industry as a software engineer after graduating from college. She is currently interested in cybersecurity, but would also like to explore other fields of computer science. During her free time, she likes spend quality time with her family and friends and go hiking.
Home Island:Â Oahu
High School:
Institution when accepted: University of Portland
Akamai Project:Â Performing an Analysis of Alternatives for Security Testing Tools to be Incorporated into a Penetration Testing Suite
Project Site: Akimeka, LLC
Mentors:Â Brent Salmon and Des Iorgova
Project Abstract:
The emergence of cyber security threats in both the commercial and government Information Technology world has given rise to an urgent need to secure existing and future applications and data across the world. Theater Medical Data Store (TMDS) and Medical Situation Awareness in Theater (MSAT) are web-based applications managed by the Department of Defense that are used to view and track a soldier’s medical treatment in the combat zone. Due to the nature of the data in these systems, it is a matter of patient safety to ensure that the applications are secure. Akimeka’s quality assurance team performs manual functional testing to validate that the systems execute as expected, but there is currently no framework for performing security testing. This project has been tasked with the empirical discovery of a tool that will provide a security testing component to a future security testing framework. Specifically, we focused on open source security testing tools and developed an evaluation criteria to empirically determine the best tool to use. The Department of Defense requires performing an Analysis of Alternatives (AoA) before new tools can be chosen. We conducted research on common security vulnerabilities for web applications identified by Open Web Application Security Project (OWASP), a worldwide not-for-profit charitable organization focused on improving the security of software, AoA methodologies, evaluation criteria standards, and security testing tools. This background analysis was used to develop a web page in Eclipse, a Java Integrated Development Environment, using JSP, HTML, and JavaScript with a backend MySQL database that included some of OWASP’s top ten vulnerabilities such as cross site scripting, SQL injection, and sensitive data exposure. The web page is used to evaluate the performance of the security testing tools, allowing the highest ranked tool to be selected for the security testing framework. The chosen tool will be the backbone to developing a security testing framework for TMDS and MSAT through the discovery of vulnerable areas that can potentially be exploited by bad actors. Future work on this project should include the incorporation of this tool into a Penetration Testing Suite for TMDS and MSAT.