Application Security Testing: An Integral Part of DevOps
Environment: VC6 SP5, W2K SP3
I've been using this site for some time now to help me with my projects. I just want to say thank you to the sponsors! This site is a great resource!
The project requirements were fairly simple. Here's what I needed the program to do:
- Always encrypt the file during write cycles.
- Ability to read in previous unencrypted file versions or encrypted versions automatically without user intervention or conversion programs (backward compatibility).
- Relatively quick read and write times. For this I choose the BlowFish algorithm.
- Provide a mechanism that could be used to trigger different behaviors during the read cycle of the file, such as:
- Use/Change encryption codecs
- Use/Change compression/decompression engines
The implementation is a CDocument derivative called CDocumentBlowFish; it uses a CFile derivative called CFileBlowFish.
I only partially implemented Design goal #1, in that during the read cycle of a file, it automatically determines whether the file was previously encrypted. So the goal of "Use/
Change encryptions codecs" was met. However, I have not yet taken the time to accomplish the goal of "Use/Change compression/decompression engines."
Warning: This code should be considered 0.1 Alpha. I've done some very light testing, but that is all. That being said, I believe the code to be in working order. YMMV!
How to Use the Program
- Drop the following files into your project directory, and then add them to the IDE project:
Comments, suggestions, bug fixes, flames (for coding style), and so forth should be posted here. Please do not send me e-mail asking questions or for help; I get way too much spam as it is...
DownloadsDownload demo exe - 17 Kb
Download demo project - 52 Kb
Download source - 18 Kb