Our client performs security audits and penetration tests on their customer's software and network infrastructure. We developed a web-based portal to centralise the business processes around reporting. The new portal increases productivity and improves the customer experience.
Talk to us about your project
on
A security audit can contain a great deal of information. Having a quick at-a-glance summary of the current state of the audit is crucial for everyone involved, allowing for decisions to be made and actions to be taken more quickly, closing the feedback loop. Allowing a customer to remedy a security vulnerability as soon as possible is of particular importance, reducing the risk of damages.
The dashboard features charts that break down the number of unresolved security vulnerabilities discovered by their severity, both as a total and a breakdown over time - which can be used to aid performance metrics. Also shown are short lists of vulnerabilities by their current status (open/resolved) with short summaries for context. This quickly shows the customer what actions they need to take.
The core business processes revolve around producing a report as an output, detailing the findings of an audit. Previously, reports were created directly in a word processor and collaborated on internally before sending to the customer. Our interactive report builder allows findings to be reported more intuitively as part of the audit workflow, without having to worry about formatting and sharing a document.
The step-by-step report wizard allows a report to be built and collaborated on easily. Consultants can fill out the written sections in this builder, such as the executive summary. Testers can focus on reporting vulnerabilities to the system, outside of the report builder, allowing them to focus on their work.
Automatic report generation allows different types of reports to be generated, based on the same information, for different purposes, with no additional effort required. For example, a full detailed technical report aimed at developers, a slimmed down executive summary style report for key stakeholders, or an anonymised version for safe printing.
Due to the nature of the information, it was important to know who has modified what and when. Each user has their own account to access the software, allowing any changes they make to be tracked.
The status of an audited system can constantly evolve, as new discoveries are made and actions taken. It was required to have report versions to capture a snapshot at a certain point in time. This versioning is necessary for accreditation, to show that a system meets standards on a certain date.
We identified that testers were spending a lot of time reporting the same common vulnerabilities between different audits, a potential area for time savings. Time spent reporting these vulnerabilities was reduced by creating a vulnerabilities database, containing information on all of the common vulnerabilities, and allowing these vulnerabilities to easily be added to a new audit.
Previously, customers had to wait until their full report had been completed before they would get the opportunity to start performing remedial actions. The longer vulnerabilities exist for, the higher the risk of damage from them being exploited. Of course, more severe vulnerabilities could be disclosed via email in advance, but this was not ideal for efficiency.
The software allows a closer working relationship with customers, who have their own accounts to access the software. Customers can view their audits in real-time, allowing them to take remedial action as soon as they are able to. For customers with time-critical audits, this provides our client with a cutting edge of their competitors, as the elapsed time can be reduced due to the tighter feedback loop.
Customers can report any remedial actions they undertake and request for that area to be re-tested, all within the software.
Not all heroes wear capes. These behind-the-scenes features don't have screenshots, but form an important part of the project.
– Richard Merrygold, iSTORM
100% UK-based
Free 30 minute scoping call
No obligation high-level proposal
Our client performs security audits and penetration tests on their customer's software and network infrastructure. These audits can span from a few days, to months or more.
Before we developed this software, reports were being produced in Word, and findings were communicated via email. This approach was limiting their ability to scale the company. Human error, lack of efficiency, and organisation were some of the biggest pain points. Off-the-shelf software didn't have the capability to fit seamlessly into our client's processes, so bespoke software was the best way to go.
We designed and developed this centralised system that encapsulated the main report-writing processes. The goal was to add as much automation to our client's workflow as possible — increasing productivity whilst improving the customer experience. The core feature is the interactive report builder, which pulls in information entered into the system and generates branded digital reports.
Customers are given access to their report via the web portal, and have the option to download a PDF copy. They also have the ability to report remedial actions that they have taken. This in turn allows customers to keep their own audit trail, and manage risks appropriately.
The new bespoke solution has put the company on a growth path — taking the company to the next level. All information is now centralised, helping to prevent important information and actions being lost in email threads. Initial feedback has shown that reports can be produced in a shorter amount of time, giving the client opportunities to increase profit margins.
The improved communication is closing the feedback loop with customers, providing a better experience and potentially increased repeat business. The new software provides a positive unfair advantage over their competitors, who may not be able to match the new service offering.
Finally, as client reports are now fully accessible via the web portal, reports are kept up-to-date in real time — a major advantage over printed reports, and a significant green advantage for the project.
Questions about developing an app?
on
