
MUSA BASHIR

BSCLMR178021
CSC 4244-SECURITY IN APPLICATIONS
CAT TWO
Question 1:
AfriTech Innovations employed a variety of security testing methodologies to ensure the
integrity and security of the electronic election voter system. These methodologies included:
Static Application Security Testing (SAST): SAST is a type of security testing that is performed
on source code without the need for the application to be executed. This makes it a valuable tool
for identifying vulnerabilities early in the development lifecycle, when they are easier and less
expensive to fix.
Dynamic Application Security Testing (DAST): DAST is a type of security testing that is
performed on a running application. This allows testers to identify vulnerabilities that are only
exploitable when the application is running.
Penetration Testing: Penetration testing is a type of security testing that involves simulating a
cyberattack on an application or system. This can be done using a variety of tools and
techniques, such as social engineering, malware, and network attacks.
Both SAST and DAST are important for identifying vulnerabilities in electronic voting systems.
SAST can help to identify vulnerabilities that are present in the source code, while DAST can
help to identify vulnerabilities that are only exploitable when the application is running.
Penetration testing can help to identify vulnerabilities that can be exploited by attackers to
disrupt or compromise the electoral process.

Question 2:
AfriTech Innovations faced a number of challenges during the development of the electronic
election voter system, most notably an oversight in the encryption of data in transmission.
This oversight resulted in a vulnerability that could have allowed attackers to
intercept and manipulate election data.
AfriTech took a number of steps to rectify the issue, including:
• Implementing a stronger encryption algorithm
• Implementing additional security controls to protect the data transmission process
• Conducting additional security testing to ensure that the vulnerability had been fixed
The response from AfriTech was effective in addressing the vulnerability and enhancing the
encryption protocol. The strategies employed by AfriTech to enhance the encryption
protocol included:
• Using a stronger encryption algorithm
• Using a more secure key management system
• Implementing additional security controls to protect the data transmission process

Question 3:
Penetration Testing played a critical role in AfriTech Innovations' security testing approach.
Ethical hackers were used to simulate cyberattacks on the electronic election voter system. This
allowed AfriTech to identify and fix vulnerabilities that could have been exploited by real
attackers.
The penetration testing results revealed a number of vulnerabilities, including:
• The vulnerability in the data transmission encryption process
• A vulnerability in the authentication system
• A vulnerability in the code that allowed attackers to take control of the system
AfriTech took a number of actions based on the penetration testing results, including:
• Fixing the vulnerabilities that were identified
• Implementing additional security controls to protect the system
• Conducting additional security testing to ensure that the vulnerabilities had been fixed

Penetration testing is an important methodology for identifying vulnerabilities and ensuring the
system's resilience against real-world threats.

Question 4:
AfriTech Innovations' secure application testing practices had a significant impact on the national
elections in Kenya. Their rigorous testing approach influenced the transparency, accuracy, and
accessibility of the electoral process.
AfriTech's security measures helped to ensure that the electronic election voter system was
secure and reliable. This helped to increase public trust in the electoral process and made it more
likely that people would participate in the elections.
AfriTech's secure application testing practices also had a number of long-term implications for
the public's trust in electronic voting systems. AfriTech's work demonstrated that electronic
voting systems can be secure and reliable. This helped to increase public acceptance of electronic
voting and made it more likely that electronic voting systems will be used in future elections.
The lessons that can be extrapolated from AfriTech's work are as follows:
• Secure application testing is essential for ensuring the security of electronic voting
  systems.
• Penetration testing is an important methodology for identifying vulnerabilities and
  ensuring the system's resilience against real-world threats.
• Strong encryption is essential for protecting election data.
• A rigorous security testing approach can help to increase public trust in electronic voting
  systems.
