Financial-Planner | Secure Software Enhancement
This capstone project represents the culmination of my Computer Science degree at SNHU. The project focuses on analyzing, reviewing, and enhancing an existing financial services API for Artemis Financial, with specific emphasis on secure coding practices, code quality, and industry standards.
Completing the Computer Science program and developing this ePortfolio have given me the opportunity to showcase my strengths, refine my professional goals, and demonstrate the skills required to enter the field as a capable and employable software engineer. Throughout the program, each course built on the one before it, and the capstone allowed me to integrate everything I learned into a coherent set of enhanced artifacts. This experience has helped me understand the depth of my abilities and how they apply to real-world software development.
Throughout the degree, I gained experience in collaboration, communication, and technical problem solving. Early courses established the foundation for high-quality development practices, while later courses added complexity and professional relevance. For example, CS-210: Programming Languages reinforced the importance of structured input validation and defensive programming. This course taught me that reliable software begins with proper handling of user input, and it gave me experience writing programs that anticipate invalid conditions, handle edge cases, and improve overall robustness. This skill directly influenced my capstone enhancements as I strengthened validation logic, error handling, and user input checks across all three artifacts.
In CS-300: Data Structures and Algorithms, I developed a deep understanding of algorithmic thinking, complexity analysis, and the trade-offs between different data structures. This course was particularly influential when learning sorting algorithms, recursion, hash tables, trees, and linked structures. It shaped my ability to evaluate efficiency and write code that balances clarity with performance. These principles directly informed my Algorithms and Data Structures enhancement, where I improved modularity, reduced redundancy, avoided magic numbers, and ensured the logic aligned with standard code review expectations.
CS-340: Client-Server Development expanded my experience with full-stack applications using MongoDB. I learned how to design NoSQL schemas, create RESTful interactions, and manage CRUD operations efficiently. Understanding schema flexibility, indexing, and data retrieval patterns played an important role in my database enhancement, where I refined query logic, enforced consistent data structures, and strengthened server-side validation.
Advanced development concepts came together in CS-465: Full Stack Development I, where I built applications using the MEAN stack. Working with Express routing, Angular components, TypeScript, and RESTful API integration taught me how to organize scalable and modular architectures. These skills directly influenced the design and structure of my Software Engineering enhancement, where I focused on strengthening maintainability, reducing complexity, and improving separation of concerns in the refactored artifact.
Security practices were emphasized throughout the curriculum. Courses reinforced the importance of input validation, secure communication, encryption, and safe coding patterns. During the capstone, the industry resources I reviewed—including SmartBear, Meta engineering research, and OWASP guidelines—highlighted how essential thorough documentation and consistent quality checks are to professional software engineering. Applying these principles helped me create enhancements that were secure, maintainable, and aligned with real-world development standards.
Together, the artifacts in this portfolio reflect my growth across the program and illustrate the full spectrum of my abilities. The Software Engineering Enhancement demonstrates my ability to refactor legacy code into a cleaner, more maintainable, and secure structure. The Algorithms and Data Structures Enhancement highlights my understanding of computational logic and efficiency. The Database Enhancement demonstrates my ability to design reliable, secure, and scalable data management using modern client-server communication. Although these artifacts came from different stages of my academic journey, they collectively represent my development into an engineer who values clarity, performance, security, and thoughtful design.
This program has shaped my professional goals by confirming my commitment to building software that is secure, scalable, and user-focused. Creating this ePortfolio allowed me to recognize the skills I have developed, the engineer I have become, and the path I am ready to pursue in the industry.
Before beginning enhancements, I performed a full code review using a combination of:
The goal of the review was to identify vulnerabilities, inefficiencies, and areas for improvement in algorithmic performance, software design, and overall code reliability.
View Code Review Checklist (PDF)

The artifact selected for the Software Engineering outcome is an investment growth calculator originally developed as a C++ console application in my CS 210 Programming Languages course. The original implementation focused solely on performing compound interest calculations using basic procedural logic and user input prompts. For this capstone project, I transformed that early academic artifact into a modern full-stack web application using a Node.js and Express backend with an Angular frontend. This enhancement was completed during the capstone development period in 2025 and reflects my growth from writing standalone programs to designing scalable, professional software systems.
I selected this artifact because it clearly demonstrates my progression in software engineering and architectural design. The original version lacked validation, modular structure, and real-world usability. In contrast, the enhanced version follows a MEAN-style architecture that separates concerns across controllers, routes, services, and configuration layers. The backend exposes a RESTful API for investment calculations with structured error handling and secure input validation, while the frontend provides a typed Angular interface using standalone components, routing, and two-way data binding. These design decisions improve maintainability, testability, and scalability.
Security and robustness were key considerations throughout the enhancement. I implemented layered validation on both the frontend and backend to ensure invalid or malicious input is safely handled before processing. Constants replaced magic numbers, redundant logic was modularized into reusable functions, and error messaging was improved to guide users without exposing internal logic. These changes align with secure coding and clean code principles and demonstrate a strong security mindset appropriate for production-ready software.
Enhancing this artifact reinforced the importance of modular design, validation, and clear separation between frontend and backend responsibilities. One of the primary challenges was coordinating data flow and routing between Angular and Express after transitioning from a console-only workflow. Overcoming these challenges strengthened my ability to design and communicate technical solutions effectively and confirmed that this artifact fully satisfies the Software Engineering and Design outcome outlined in my capstone plan.
Refactored Artifact Location:
View Refactored investmentController.js

This refactoring demonstrates mastery of the Software Engineering outcome by applying maintainable code structure, improving readability, reducing complexity, increasing security, and ensuring long-term sustainability of the application. The changes directly improve the performance and reliability of the financial calculations while ensuring that the application follows a modern and scalable design.
For the Algorithms and Data Structures portion of my capstone, I selected the authentication and savings-goal optimization components of my full-stack financial planning application. I chose this artifact because it demonstrates substantial growth from my original C++ investment calculator, which relied primarily on basic loops and arithmetic. In the enhanced version, I incorporated advanced algorithmic strategies, secure data-handling mechanisms, and structured data management to address real-world problems.
The multi-factor authentication (MFA) module showcases strong algorithmic reasoning through the use of cryptographic hashing, BASE32 secret encoding, HMAC-SHA1–based TOTP generation, and constant-time comparisons. These enhancements highlight my ability to apply algorithms beyond numerical computation, particularly in the domain of security, which is one of the most critical algorithmic areas in modern software engineering. In parallel, the savings-goal optimizer implements a logarithmic-time binary search algorithm to compute the minimum monthly deposit required to reach a financial target, demonstrating efficient problem-solving and performance-oriented algorithmic trade-offs.
This enhancement allowed me to fully meet the course outcomes identified in Module One. I designed and evaluated computing solutions using established algorithmic principles, including cryptographic HMAC algorithms, hash comparison techniques, iterative counters, and binary search–based optimization. I demonstrated mastery of appropriate computer science techniques by implementing secure credential storage using bcrypt hashing, BASE32 encoding for safe TOTP secret transmission and storage, and structured data organization through objects, schemas, and persistent models. I also established a strong security mindset by implementing a complete MFA workflow that anticipates adversarial exploits, mitigates timing drift and encoding mismatches, and ensures privacy through proper secret management.
Enhancing this artifact reinforced how closely algorithmic design, security, and data structures are intertwined in real-world applications. Implementing TOTP correctly required a deep understanding of time-based counters, buffer manipulation, HMAC hashing, and the importance of standardized BASE32 encoding. Debugging mismatched verification codes provided practical insight into how small deviations in encoding, byte alignment, or time slicing can undermine cryptographic algorithms. Similarly, developing the savings-goal optimizer emphasized the impact of algorithm selection, as binary search significantly reduced computation time compared to naive linear approaches. One of the primary challenges was ensuring deterministic TOTP behavior across database reads and execution cycles, which required rethinking secret generation, standardizing encoding, and validating HMAC output consistency. Overall, this process strengthened my understanding of efficient computation, security-focused algorithms, and the role of structured data in building robust and reliable software systems.
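The TOTP check described above, as an added Node.js example that is not the portfolio's own code: it decodes a BASE32 secret, derives the code with HMAC-SHA1 over the time counter, tolerates clock drift, and compares in constant time. The function names, the 30-second step, the 6-digit length and the one-step drift window are assumptions; the sample secret is the published RFC 6238 test key.

```javascript
const crypto = require('node:crypto');

const B32 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';
const STEP_SECONDS = 30; // assumed time step
const DIGITS = 6;        // assumed code length
const RFC_TEST_SECRET = 'GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ'; // RFC 6238 test key, not a real secret

// Decode an RFC 4648 BASE32 secret; normalise case, drop spaces and padding.
function base32Decode(text) {
  const clean = text.toUpperCase().replace(/[\s=]/g, '');
  const out = [];
  let bits = 0, value = 0;
  for (const ch of clean) {
    const idx = B32.indexOf(ch);
    if (idx < 0) throw new Error('invalid BASE32 character');
    value = (value << 5) | idx;
    bits += 5;
    if (bits >= 8) {
      bits -= 8;
      out.push((value >>> bits) & 0xff);
      value &= (1 << bits) - 1; // keep only the bits not yet emitted
    }
  }
  return Buffer.from(out);
}

// RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation.
function hotp(key, counter) {
  const msg = Buffer.alloc(8);
  msg.writeBigUInt64BE(BigInt(counter));
  const mac = crypto.createHmac('sha1', key).update(msg).digest();
  const offset = mac[mac.length - 1] & 0x0f;
  const code = (mac.readUInt32BE(offset) & 0x7fffffff) % 10 ** DIGITS;
  return String(code).padStart(DIGITS, '0'); // leading zeros are part of the code
}

// Check the current step and `window` steps either side; no early exit on a match.
function verifyTotp(secretB32, submitted, unixSeconds, window = 1) {
  if (typeof submitted !== 'string' || !/^\d+$/.test(submitted) || submitted.length !== DIGITS) return false;
  const key = base32Decode(secretB32);
  const current = Math.floor(unixSeconds / STEP_SECONDS);
  const given = Buffer.from(submitted);
  let ok = false;
  for (let step = Math.max(0, current - window); step <= current + window; step++) {
    const expected = Buffer.from(hotp(key, step));
    if (crypto.timingSafeEqual(expected, given)) ok = true; // equal lengths guaranteed above
  }
  return ok;
}
```

The mismatches the paragraph mentions typically come from the three places commented here: case or padding differences in the BASE32 secret, the byte order of the counter, and dropped leading zeros in the final code.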
Enhanced Artifact Location:
View Enhanced goalController.js

This enhancement demonstrates mastery of the Algorithms and Data Structures outcome by improving computational efficiency, eliminating unnecessary processing, organizing data flow more effectively, and creating predictable, testable data structures. These algorithmic improvements ensure faster execution, reduced system load, and more reliable financial goal calculations for users.
The artifact selected for the Database Enhancement category is the original animal_shelter.py module, created during CS 340 Client-Server Development as part of a CRUD-based introduction to MongoDB. The original artifact implemented a simple Python class that connected to a remote MongoDB instance and provided basic create, read, update, and delete operations for an animal shelter dataset. Although it demonstrated foundational NoSQL database concepts, it was limited to standalone procedural operations and lacked integration within a full application ecosystem. I selected this artifact because it provided a strong baseline for demonstrating growth in database design, API integration, schema modeling, secure data handling, and full-stack persistence.
In the enhanced version, I significantly expanded the database functionality by designing and implementing a robust MongoDB persistence layer for the Financial Planner web application. Rather than performing isolated CRUD operations, the new system introduces a complete savings-goal storage subsystem that allows authenticated users to save, retrieve, and delete personalized financial goals. This enhancement includes a structured Mongoose schema, dedicated controllers for database operations, protected Express routes, a verification middleware layer, and an Angular service responsible for communicating with these endpoints. Database records are securely associated with individual user identifiers, validated on entry, and restricted so that only authenticated users may access or modify their data.
This enhancement fully satisfies the database-related course outcomes identified in Module One. By transitioning from a Python-based CRUD demonstration to a complete Node.js, Express, and MongoDB persistence architecture, I demonstrated my ability to design well-structured, secure, and scalable database solutions that support real application workflows. I also applied industry-standard tools and techniques, including schema-driven validation, RESTful API design, and controlled access to database resources. No updates to my outcome-coverage plan were required, as the completed enhancement fulfills the database outcome while reinforcing software engineering and security objectives.
Throughout the enhancement process, I gained practical experience aligning backend database design with authentication flows, client-side logic, and overall application architecture. One of the primary challenges involved enforcing authorization to ensure that only permitted users could read or modify stored data. Addressing this required implementing token-parsing middleware, restructuring the goal model to correctly associate user identifiers, and resolving ObjectId validation issues during login integration. Additional challenges arose from coordinating Angular services with protected backend routes and ensuring authorization headers were generated and validated consistently. These experiences strengthened my understanding of full-stack data handling, secure query design, and responsibility separation across the API and persistence layers.
Enhanced Database Controller Location:
View Enhanced goalDatabaseController.js

This enhancement demonstrates mastery of the Database outcome by strengthening database interaction patterns, improving query structure, enforcing consistent data models, and applying secure and efficient database management practices. The refactored design ensures improved performance, increased reliability, and safer long-term scalability within the financial planning application.
All enhancements completed. Any additions to this project in the future will be posted here.