Technical Audit of an Application
A comprehensive audit of the application's architecture, code, and infrastructure.
About the client
Our client is a financial advisor who runs blogs on well-known platforms. He provides advice to subscribers on their investment options and charges for his services.
Engagement model
Time & materials
Effort and duration
6 weeks
Project team
1 Tech Lead, 1 Frontend Developer, 1 Backend Developer, 1 DevOps, 1 QA Engineer
Tech stack / Platforms
Project background
At a certain point, the client decided to develop their own cross-platform application and hired a third-party vendor to handle the development. Unfortunately, the vendor repeatedly postponed the delivery and the quality of the provided demos did not meet expectations.
Our client was dissatisfied with the collaboration and wanted to conduct a technical audit of the project. They approached us to audit the architecture, code, and infrastructure of the application before its launch.
The application, developed by a third-party vendor for our client, is made up of several components within its ecosystem:
A cross-platform Flutter application that offers complete access to over 10 investment portfolios managed by experienced analysts. The app provides comprehensive information on stocks, bonds, and ETFs (exchange-traded funds), along with key stock market indicators. Additionally, it includes analytical reviews of companies and industries, news and key events, and rationales for investments.
A customer relationship management system (CRM), a content management system (CMS), and the server-side part.
Once we received all the required information from the client, our team, which included a tech lead, a frontend developer, a DevOps engineer, and a QA specialist, began working on the project.
Audit process
We started by creating a comprehensive audit plan to define the scope of work. We identified key areas to review – backend, frontend, DevOps, and penetration testing – and created a step-by-step audit plan for each.
Backend:
static code analysis;
analysis of the application core to assess implementation quality;
evaluation of security measures;
analysis of architecture and data storage structure;
review of application implementation approaches (including generally accepted practices, SOLID, DRY, KISS, etc.);
assessment of dependency currency (i.e. whether the library versions in use are up to date);
local application launch;
and report of results and conclusions.
Frontend:
static code analysis;
review of the approaches used in, and the implementation of, the front-end part of the application;
checking approaches to CSS implementation;
analysis and evaluation of the main approaches to ensuring security;
verifying that the libraries used are up to date;
launching the application locally;
and report of results and conclusions.
DevOps:
infrastructure performance check, including virtual network and application server;
analysis of the implementation of the IaC approach;
analysis of CI/CD processes, including build, delivery, and application integration;
check that database settings match the expected load;
analysis of the approach to storing and transmitting sensitive data;
audit of configurations and monitoring/logging systems;
audit of backup and recovery processes;
deployment of the infrastructure locally or in test mode;
description of results and conclusions;
compilation of a list of recommended services and tools to use or integrate.
Audit findings
Our specialists identified the following issues that need to be addressed:
The orchestrator was misconfigured, so the system did not scale with the workload. As a result, computing resources were used inefficiently.
Only the basic DDoS protection included with the Cloudflare service was enabled. It stops small attacks but does not protect against larger and more sophisticated ones.
The core functionality of the system was not adequately covered by automated functional and integration tests. As a result, errors in the system, whether new or pre-existing, could remain undetected until they reached end users. Moreover, delivering new features took longer because a full regression test cycle was required each time.
Infrastructure as Code (IaC) was not implemented, making it harder and more expensive to maintain and update the infrastructure.
The lack of up-to-date documentation, including both technical and functional requirements documentation, caused implementation issues and hindered proper project testing.
Recommendations
Based on our findings, we proposed a step-by-step implementation plan to the client:
Address issues related to the configuration of the cloud infrastructure, specifically the settings for the orchestrator, database, and file storage.
Upgrade to the paid version of Cloudflare and update SSL certificates.
Expand automated functional test coverage; develop a minimum set of automated integration tests at the system module level and make their execution mandatory to ensure the quality of new updates being delivered to the production environment.
Adopt an infrastructure as code (IaC) approach.
Update the technical and requirements documentation.
Results
Our team identified a number of issues and gaps in the app’s code and infrastructure that were affecting its quality and increasing support costs. Once the audit was completed, we discussed our findings with the client in detail and explained the impact of each. We also provided a comprehensive, step-by-step plan for fixing the identified issues. By implementing our recommendations, the client was able to ensure that their application functioned properly and to significantly reduce product support costs.