Challenge

Mr. Francesco Cipollone, the London, UK-based serial entrepreneur and security consultant with a strong background in application security and security management, was looking to implement his idea of an innovative vulnerability management platform. SPD Group became the IT provider of choice for the project after Mr. Francesco Cipollone had become thoroughly familiar with our company’s competencies and experience and met with us in person to discuss the project in depth.

The underlying idea behind the client’s product was enabling high-ranking company executives from all industries to quickly gain a single view of any vulnerabilities and security gaps in their businesses’ IT landscapes at any point in time.

The platform allows a much wider view of relevant data from a host of sources, and lets the user quickly get familiar with this data in a user-friendly way. It makes it easier for technical experts to call business executives’ attention to cyber security-related issues, and renders cybersecurity management more cost-efficient for businesses.

The solution allows cybersecurity teams to identify and fix security issues more quickly, thus preventing the financial losses and reputational damage that result from data breaches.

To ensure this, the platform serves as a single point of access to more than a score of diverse vulnerability scanners from various security providers it is integrated with.

The scanners page

The system aggregates the data provided by the different scanners, and makes it available to the user by means of a comprehensive, all-in-one, and easy-to-view dashboard. This dashboard provides general information on each of the applications added to the user’s account (total vulnerability, severity, and risk level):

Appsec Phoenix Dashboard

Notably, the system not only pinpoints any existing security vulnerabilities, but also suggests ways to eliminate them. Furthermore, the platform calculates the losses that the business is likely to incur over a user-specified timeframe, if a security gap is not eliminated in time.

It is possible to display a list of all vulnerabilities.

Appsec Phoenix Vulnerability List

Besides, the user can select a vulnerability from the list and display detailed info on it.

Appsec Phoenix Platform

Security experts can manage all the work in relation to a vulnerability using the system’s Security Dashboard.

Appsec Phoenix Platform

The client’s platform works with a diverse array of scanners that span different areas of corporate IT security. For example, the solution vets code, identifies antiquated Java libraries that contain vulnerabilities, and advises the user against using a specific development method, while also suggesting a viable alternative. Importantly, the platform can be integrated with security products that are capable of scanning Cloud-based infrastructures.

Solution

The project kicked off in October of 2020, and has since been ongoing. To implement the project, we put together a 4-strong development team. During the initial phase, in addition to the software developers (one of them also acted as the Project Manager), our project team also included a UI/UX designer and a software architect. The software architect has built the entirety of the solution’s software architecture.

The development of the solution started with an MVP that was initially integrated with several security scanners.

During the different stages of the project, the number of SPD Group’s experts implementing it has varied, peaking at 7 team members during the project’s later stages. The project team has been managed by our Project Manager, who, along with the rest of the team members has been in close contact with the client’s CEO and CTO throughout the project’s duration. Agile was chosen as the project’s development methodology.

While working on the project, our development team has encountered several hurdles and challenges. For instance, in order to be able to test one part of the system’s functionality, we’ve had to ask our client to approach the corresponding security software vendor for access authorization.

As one of the goals of the project has been to make the platform maximally useful and user-friendly, the initial vision of the product has undergone some gradual market-related adjustments during the project’s later stages. This has impacted the product’s GUI and architecture across the system to quite a significant extent.

We have seamlessly integrated all the required market-dictated changes, including those to the system’s software architecture.

The first version of the solution that comprised all the planned functionality successfully went live in September of 2021. Currently, our project team is engaged in maintaining and expanding the system.

Technical solution

In implementing the project, our project team has been using the following technology stack:

  • Infrastructure: Amazon AWS (ECS, RDS, Cognito, CodePipeline, CodeBuild, Lambda)
  • Back-End: Kotlin, Spring Boot, Hibernate, PostgreSQL, GraphQL, Docker
  • Front-End: Angular, TypeScript, Nebular, Chart, RxJS, Bootstrap

The technical implementation of the project has posed several significant challenges:

  • Using Amazon Cognito, as chosen by the client
  • Quick integration with multiple third-party security products
  • Reconstructing the domain model for the integration of Cloud-infrastructure scanning solutions.

Although none of our experts had any prior experience with Amazon Cognito, which facilitates user authentication, user authorization, and user management for Web and mobile applications, they quickly learned to use this tool. Scaling and customizing the software to the goals of the project took additional effort.

The project team has successfully coped with all the integration challenges the project held. We’ve integrated the platform with Netsparker and Acunetix (for web testing), CloudGuard (Dome9), AWS Security Hub and Prisma Cloud (for the testing of the cloud infrastructure), Snyk (for the scanning of libraries), Fortify, Checkmarx, Code Inspector, and Veracode (for code analysis), and other products. Besides, we’ve also developed a proprietary methodology for the platform’s fast integration with third-party solutions.

Result

The Appsec Phoenix security management platform was successfully released on September 7, 2021, in accordance with all the client’s expectations, on time and on budget.

Presently, the Appsec Phoenix platform represents an innovative and full-blown cybersecurity management solution that has won multiple prestigious cybersecurity awards and gained strategic partners amongst well-known providers of cybersecurity management solutions.

The following video is an interview with Mr. Francesco Cipollone, sharing his thoughts on Appsec Phoenix’s cooperation with SPD Group.
