Summary
Industry: Security, Risk management
Location: London, the U.K.
Partnership period: 12 months
Team size: 7 experts
Software products: AppSec Phoenix platform
Expertise delivered: Platform development from scratch, custom software development services, software support, maintenance, feature improvement, implementation of brand-new features, and design.
Challenge
Mr. Francesco Cippolone is London, UK-based serial entrepreneur and security consultant with a strong background in application security and security management. Mr. Cippolone was looking to implement his idea of an innovative vulnerability management platform. SPD Technology became the IT provider of choice for the project after Mr. Cippolone had become thoroughly familiar with our company’s competencies and experience and met with us in person to discuss his project in depth.
The underlying idea behind the client’s product is enabling high-ranking company executives from all industries to quickly gain a single view of any vulnerabilities and security gaps in the IT landscapes of their businesses at any point in time.
The platform allows a much wider view of relevant data from a host of sources. It lets the user quickly get familiar with this data in a user-friendly way. The application makes it easier for technical experts to call business executives’ attention to cyber security-related issues. It also renders cybersecurity management more cost-efficient for businesses.
The solution allows cybersecurity teams to identify and fix security issues more quickly, thus preventing financial losses and reputation damages as a result of data breaches.
To ensure this, the platform serves as a single point of access to more than a score of diverse vulnerability scanners from the various security providers it is integrated with.
The system aggregates the data provided by the different scanners. It makes this data available to the user by means of a comprehensive, all-in-one, and easy-to-view dashboard. This dashboard provides general information on each of the applications added to the user’s account (total vulnerability, severity, and risk level):
Notably, the system not only pinpoints any existing security vulnerabilities, but also suggests ways to eliminate them. Furthermore, the platform calculates the losses that the business is likely to incur over a user-specified timeframe, if a security gap is not eliminated in time.
It is possible to display a list of all the vulnerabilities.
Besides, the user can select a vulnerability from the list and display detailed info on it.
Security experts can manage all the work in relation to a vulnerability by using the system’s Security Dashboard.
The client’s platform works with a diverse array of scanners that span different areas of corporate IT security. For example, the solution vets code, identifies antiquated Java libraries that contain vulnerabilities, and advises the user against using a specific development method, while also suggesting a viable alternative. Importantly, it is possible to integrate the platform with security products that are capable of scanning Cloud-based infrastructures.
Don't have time to read?
Book a free meeting with our experts to discover how we can help you.
Book a MeetingSolution
The project kicked off in October of 2020, and has since been ongoing. To implement the project, we put together a 4-strong dedicated development team. During the initial phase, in addition to the software developers (one of them also acted as the Project Manager), our project team also included a UI/UX designer and a software architect. Our software architect has built the entirety of the solution’s software architecture.
The development of the client’s platform started with an MVP that was initially integrated with several security scanners.
During the different stages of the project, the number of SPD Technology’s experts has varied, peaking at 7 team members during the project’s later stages. The project team has been managed by our Project Manager. Along with the rest of the project team, our Project Manager has been working in close contact with the client’s CEO and CTO throughout the project’s duration.
Agile was chosen as the project’s development methodology.
While working on the project, our development team has encountered several hurdles and challenges. For instance, to be able to test one of the different parts of the system’s functionality, we’ve had to request our client to approach the corresponding security software vendor for access authorization.
As one of the goals of the project has been to make the platform maximally useful and user-friendly, the initial vision of the product has undergone several gradual market-related adjustments during the project’s later stages. This has impacted the product’s GUI and architecture across the system to quite a significant extent. We have seamlessly integrated all the required market-dictated changes, including those to the system’s software architecture.
The first version of the solution that included all the planned functionality successfully went live in September of 2021. Currently, our project team is engaged in maintaining and expanding the application.
Technical Solution
In implementing the project, our project team has been using the following technology stack:
- Infrastructure: Amazon AWS (ECS, RDS, Cognito, CodePipeline, CodeBuild, Lambda)
- Back-End: Kotlin, Spring Boot, Hibernate, PostgreSQL, GraphQL, Docker
- Front-End: Angular, TypeScript, Nebular, Chart, RxJS, Bootstrap
The technical implementation of the project has posed several significant challenges:
- Using Amazon Cognito as a client choice.
- Quickly integrating the solution with multiple third-party security products.
- Reconstructing the domain model for the integration of Cloud-infrastructure scanning solutions.
Although none of our experts had any experience with Amazon Cognito (that facilitates user authentication, use authorization, and user management for Web and mobile applications), they quickly learned using this tool. Scaling and customizing the software to fit the goals of the project has taken us an additional effort.
Our project team has successfully coped with all the integration challenges the project has held. We’ve integrated the platform with Netsparker and Acunetix (for web testing), Cloud Guard (Dome9), AWS Security Hub and Prisma Cloud (for the testing of the cloud infrastructure), SNYK (for the scanning of libraries), Fortify, Checkmarx, Code Inspector, and Veracode (for code analysis), and other products. Besides, we’ve also developed a proprietary methodology that allows quickly integrating the platform with third-party solutions.
Result
The Appsec Phoenix security management platform was successfully released September 7, 2021 in accordance with all the client’s expectations, on time and on budget.
At present, the Appsec Phoenix platform represents an innovative, full-blown cybersecurity management solution that has won multiple prestigious cybersecurity awards and has gained strategic partners amongst the well-known providers of cybersecurity management solutions.
The following video is an interview with Mr. Francesco Cipollone, who is sharing his thoughts on Appsec Phoenix’s cooperation with SPD Technology.
Ready to speed up your Software Development?
Explore the solutions we offer to see how we can assist you!
Schedule a Call