Developing a Revolutionary Vulnerability Management Platform for an Industry Innovator

Highlights

  • Game-Changing Security Solution from Scratch: joined the Phoenix Security project at the very start as the main software development provider, and worked in close contact with the client’s CEO and CTO throughout the entire project’s duration from initial idea to release and beyond.
  • Diverse Tech Expertise at Scale: assembled a versatile dedicated team covering all tech aspects for the client including custom software development, UI/UX design, and integration of multiple 3rd-party solutions.
  • Proven Market Success: already trusted by 380 international companies, Phoenix Security is offering 12x faster risk reduction processes and 7x lower prices for services compared to competitors. 

Client

The client is Phoenix Security, a vulnerability management company that enables organizations to prioritize contextual vulnerabilities from code to cloud. It was founded by Francesco Cipollone and Alfonso Eusebio, who wanted to leverage their years of experience in the cybersecurity industry to build a powerful and innovative product that would become a paradigm shift in the industry, improve DevSecOps methodologies, and evolve triaging for security teams and organizations.

The co-founders were looking to implement their idea of an innovative vulnerability management platform, and after evaluation of our completed projects and personal meetings, SPD Technology became their key software development provider and trusted business partner.

Product

The product is an end-to-end vulnerability management platform that focuses on workflows, threat feeds, and real-time data. It implements the Phoenix Cybersecurity framework methodology, facilitating risk-based and metric-based vulnerability management for businesses across all industries. 

This product combines a set of security scanners and solutions under one user account, providing a single dashboard with aggregated information and reporting possible security issues. This intuitive, all-in-one dashboard helps customers effectively and easily detect and remediate the latest cyber vulnerabilities. The platform offers easy-to-decipher graphic insights that allow users to visualize vulnerabilities across all types of systems and software, thereby prioritizing them and making it easy for IT teams to eliminate security loopholes.



Goals and objectives

  • Build Powerful Custom Vulnerability Management Software: develop a complex cutting-edge security solution that will allow businesses in any industry to save time for cybersecurity teams by identifying and fixing issues, and to prevent financial losses from costly brand- and reputation-damaging data breaches.
  • Implement a Wide Range of Functionalities: enable the platform to aggregate the data provided by the different scanners and make this data available to the user in a comprehensive, all-in-one, and easy-to-view dashboard. Additionally, the goal was for the platform not only to pinpoint any existing security vulnerabilities but also to suggest ways to eliminate them, calculating the losses that the business is likely to incur over a user-specified timeframe if a security gap is not eliminated in time.
  • Make a Tight Deadline: deliver the core solution with key functionality as fast as possible, to save money for our client and surpass competitors in this niche.

Project challenge

  1. Using Amazon Cognito as a Client Choice: learn quickly how to maximize the efficiency of this tool, and leverage it for user authentication, authorization, and management. Deal with its customization complexity, scalability, and performance considerations, as well as security concerns. 
  2. Quick Integration with Multiple 3rd-Party Security Products: ensure that the Phoenix Security platform is integrated with an increasing number of vulnerability scanners from the top global security providers. Find a way to overcome compatibility and performance issues to be able to easily add new integrations in the future.
  3. Reconstruction of the Domain Model for Integration of Cloud-Infrastructure Scanning Solutions: conduct a detailed analysis of the current domain model and its limitations in the context of cloud infrastructure, adopt a modular approach to redesigning the model, and implement a scalable data architecture to improve data flow.

Solution

We joined the project at the very beginning, in the fall of 2020, and offered our services as a dedicated team, becoming a full-time custom software development provider. For the most part, the system architecture and domain model of the project were created on the client’s side, but we have also been actively offering our ideas and suggestions for improvements. As for the actual technical implementation, we delivered every software development aspect, thus transforming the brilliant idea of a modern security solution into reality.

Although the assembled dedicated team had extensive expertise in diverse tech stacks and cutting-edge technologies, none of its experts had any previous experience working with Amazon Cognito. We needed to quickly learn how to work with Amazon Cognito to implement authorization and authentication functionality on the platform. Once we had achieved this, we ran into more challenges with this AWS product: it was hard to scale and customize for our goals, so we needed to put in additional effort to make it work.

As for integration with third-party security solutions, we began with two web scanners, Netsparker and Acunetix. The plan for the first version of the MVP was to integrate a few scanners, each responsible for its respective area: scanning websites, repositories, and libraries. During the development process, it was decided to include more scanners to attract more customers.

We have currently integrated with 10 leaders in the security products market, including the following:

  • Netsparker and Acunetix for web testing
  • Cloud Guard (Dome9), AWS Security Hub, and Prisma Cloud for the testing of the cloud infrastructure
  • Snyk for scanning of libraries
  • Fortify, Checkmarx, Code Inspector, and Veracode for code analysis

At first, we started with application scanners, but the client later decided to integrate with security products that scan cloud infrastructure, which are an entirely different class of security product compared to scanners. The main blocker here was that our domain infrastructure had been created for application scanners, so we had to rebuild it according to the new demands, making many significant changes to the code. This was required for mapping Cloud Guard (Dome9), AWS Security Hub, and Prisma Cloud, getting the correct results, and normalizing them.

It is important to acknowledge our efforts in creating an outstanding user interface. The design team consisted of two Front-End developers and a UI/UX designer, who created version 1.0 of the user interface from scratch and completely redesigned it two months before the release date set by the client. This happened because the initial vision of the product underwent several gradual market-related adjustments during the project’s later stages, which affected the product’s GUI and architecture across the system to quite a significant extent. We seamlessly integrated all the required market-dictated changes, including those to the system’s software architecture.

We also successfully dealt with the challenge concerning TimescaleDB, built on PostgreSQL, and optimized it for fast ingest and complex queries. We used this open-source time-series database to read and visualize data for reports. TimescaleDB was used as a statistical solution for the first few months, but we later felt the need for something more scalable. So, we decided to remove TimescaleDB and use our custom statistical solution for reading and visualizing data for reports.

Tech Stack

Infrastructure
  • AWS
  • ECS
  • RDS
  • Cognito
  • CodePipeline
  • CodeBuild
  • Lambda
Backend Development
  • Kotlin
  • SpringBoot
  • Hibernate
  • PostgreSQL
  • GraphQL
  • Docker
Front-End
  • Angular
  • TypeScript
  • Chart
  • RxJS
  • Bootstrap

Our results

More than a year after the active development process started, we helped to launch Phoenix Security, a brand-new platform dedicated to smart software security and risk-based vulnerability management, for investors and user testing.

  1. Seamless and Fast Components Integration: developed a swift process for integrating 3rd-party scanners and security products, based on their credentials, in a single iteration. As a result, the platform is ready for quick growth and the integration of any security products necessary.
  2. Cloud Infrastructure Support: rebuilt the platform to operate with security products that can scan cloud infrastructure. We now have valuable production experience with AWS Cognito, and continue to fine-tune it for better performance.

For now, we continue working on this project, improving existing features and adding new ones. Our team is looking forward to leveraging the power of Artificial Intelligence and building custom solutions to collect the security statistics of the biggest entities.