AppSec.Hub

Customer

Swordfish-Security company specializes in the implementation of methodologies and practices for the development of secure software - SSDL. AppSec.Hub is the result of its experience and expertise in the development and implementation of SSDL.

Our task

The client needed to create new pages and fix the layout of the existing application screens. All of this should be accompanied by a responsive layout and a simple, responsive design.

• The “View activity log” component has been created, which displays data on open errors, the number of vulnerabilities found.
• The “User profile” page has been created, displaying data about the user, the commands in which he is located, the available applications and workspaces. The editing mode is implemented if the user has these rights.
• The “Company profile” page has been created, it displays information about the company, a list of all subsidiaries and below. The “Company profile” page is divided into several tabs.
• The “Members” tab includes a list of all members of this company with a “lazy load” function when scrolling down and searching for a specific member using the search bar. There are also functions for adding, deleting and editing a user, if the user has such rights.
• The “Teams” tab includes a list of teams that include members of these teams, there is the ability to edit, add and remove teams, add new members, or remove old ones, search for a specific team member.
• The “Tools” tab includes a set of tools grouped by workspace. There is the ability to check the status of the instrument (correctness of the entered data, instrument address, accessibility), the ability to add a new instrument, delete an old one or edit.
• The “Application profile” page has been created. Includes complete information on the application, divided into several tabs.
• The “Info” tab includes general information about the app, information about the developer company, information about the number of risks, errors, etc.
• The “App risk profile” tab includes a list of open errors and risks, with the ability to edit, delete and add new ones. In the second part of the tab, there is a diagram showing the severity of current errors and risks.
• The “Environment” tab includes a list of sources and instances, displays data about them (address, VCS, branch, build tool, etc.) with the ability to add, edit and delete them.
• The Issues tab includes a list of defects and errors. There is an opportunity to create a new defect, or convert a defect into an error. The functions of grouping and sorting by priority and status have been implemented.
• The Project teams tab includes information about teams, development tools, and more.
• The Tools tab includes a list of selected sources for testing with specific tools. A number of tools are grouped through workspaces. It is necessary to install a number of tools for the sources we need and set the parameters and fail conditions for the tools to start functioning. Further, on this tab, a section for mapping fields and values ​​(HubUi and Jira) is implemented.

Solutions

In accordance with the terms of reference, we completed the following tasks:

Styles were transferred from HTML-template to separate SCSS files with subsequent compilation to CSS. Fixed layout and styles for the main elements of the application for all necessary browsers and various devices.

We have implemented many new pages and services. All components interact with the server-side via HTTP requests.

Results

We have implemented all the ideas of the client. AppSec.Hub has become a hybrid application for managing SSDL processes, it isn’t tied to specific devices or platforms and provides its functionality via iOS and Android gadgets with Internet access.