Technical Audit of an Application

A comprehensive audit of the application's architecture, code, and infrastructure.

Technologies / Platforms

About the client

Our client is a financial advisor who runs blogs on well-known platforms. He provides advice to subscribers on their investment options and charges for his services.

Engagement model

Time & material

Effort and duration

6 weeks

Project team

1 Tech Lead, 1 Frontend Developer, 1 Backend Developer, 1 DevOps, 1 QA Engineer

Tech stack / Platforms

Project background

At a certain point, the client decided to develop their own cross-platform application and hired a third-party vendor to handle the development. Unfortunately, the vendor repeatedly postponed the delivery and the quality of the provided demos did not meet expectations.

Our client was dissatisfied with the collaboration and wanted to conduct a technical audit of the project. They approached us to audit the architecture, code, and infrastructure of the application before its launch.

The application, developed by a third-party vendor for our client, is made up of several components within its ecosystem:

  • A cross-platform Flutter application that offers complete access to over 10 investment portfolios managed by experienced analysts. The app provides comprehensive information on stocks, bonds, and ETFs (exchange-traded funds), along with key stock market indicators. Additionally, it includes analytical reviews of companies and industries, news and key events, and rationales for investments.

  • Customer relationship management system (CRM), content management system (CMS), and server part.

Once we received all the required information from the client, our team, which included a tech lead, a frontend developer, a DevOps engineer, and a QA specialist, began working on the project.

Audit process

We started by creating a comprehensive audit plan to define the scope of work. We identified key areas to review – backend, frontend, DevOps, and penetration testing – and created a step-by-step audit plan for each.


  • static code analysis;

  • analysis of the application core to assess implementation quality;

  • evaluation of security measures; analysis of architecture and data storage structure;

  • review of application implementation approaches (including generally accepted practices, SOLID, DRY, KISS, etc.);

  • assessment of dependency relevance (i.e. relevance of library versions);

  • local application launch;

  • and report of results and conclusions.


  • static code analysis;

  • checking the approaches and implementation of the front-end part of the application;

  • checking approaches to CSS implementation;

  • analysis and evaluation of the main approaches to ensuring security;

  • verifying the relevance of the libraries used;

  • launching the application locally;

  • and report of results and conclusions.


  • infrastructure performance check, including virtual network and application server;

  • analysis of the implementation of the IaC approach;

  • analysis of CI/CD processes, including assembly, delivery, and application integration;

  • database settings and load compliance check;

  • analysis of the approach to storing and transmitting sensitive data;

  • audit of configurations and monitoring/logging systems;

  • audit of backup and recovery processes;

  • deployment of the infrastructure locally or in test mode;

  • description of results and conclusions;

  • compilation of a list of recommended services and tools to use or integrate.

Audit findings

Our specialists identified the following issues that need to be addressed:

  • The incorrect configuration of the orchestrator caused issues with system scaling according to the workload. As a result, computing resources were not utilized efficiently.

  • Basic protection against DDoS, available on the Cloudflare service, was enabled. This feature helped prevent small attacks but did not provide protection against more sophisticated and massive attacks.

  • The core functionality of the system was not adequately covered by automatic functional and integration tests. As a result, errors and issues in the system, whether they were new or existing, could remain undetected until they reached end users. Moreover, the delivery of new features took longer because cyclic regression testing was required.

  • Infrastructure as Code (IaC) was not implemented, making it harder and more expensive to maintain and update the infrastructure.

  • The lack of up-to-date documentation, including both technical and functional requirements documentation, caused implementation issues and hindered proper project testing.


We proposed a step-by-step plan for implementing the recommendations to the client, based on our findings.

  • Address issues related to the configuration of the cloud infrastructure, specifically the settings for the orchestrator, database, and file storage.

  • Upgrade to the paid version of Cloudflare and update SSL certificates.

  • Expand automated functional test coverage; develop a minimum set of automated integration tests at the system module level and make their execution mandatory to ensure the quality of new updates being delivered to the production environment.

  • Switch to infrastructure as code (IaC) standard.

  • Update the technical and requirements documentation.


Our team identified some issues and gaps in the app’s code and infrastructure that were impacting its quality and increasing support costs. Once the audit was completed, we thoroughly discussed our findings with the client and explained their role. We also offered a comprehensive, step-by-step plan for fixing the identified issues. By implementing our recommendations, the client was able to ensure that their application was functioning properly and significantly reduce costs for product support.

Want to assess quality of your software? Contact us to identify and fix potential issues.

Contact Form

Drop us a line and we’ll get back to you shortly.

For Quick Inquiries


United States

8, The Green, STE road, Dover, DE 19901


Żurawia 6/12/lok 766, 00-503 Warszawa, Poland

Company name
Phone number