Home / Portfolio / Technical Audit

Technical Audit of an Application

A comprehensive audit of the application's architecture, code, and infrastructure.

Industries

Fintech

Technologies / Platforms

About the client

Our client is a financial advisor who runs blogs on well-known platforms. He provides advice to subscribers on their investment options and charges for his services.

Engagement model

Time & material

Effort and duration

6 weeks

Project team

1 Tech Lead, 1 Frontend Developer, 1 Backend Developer, 1 DevOps, 1 QA Engineer

Tech stack / Platforms

Project background

At a certain point, the client decided to develop their own cross-platform application and hired a third-party vendor to handle the development. Unfortunately, the vendor repeatedly postponed the delivery and the quality of the provided demos did not meet expectations.

Our client was dissatisfied with the collaboration and wanted to conduct a technical audit of the project. They approached us to audit the architecture, code, and infrastructure of the application before its launch.

The application, developed by a third-party vendor for our client, is made up of several components within its ecosystem:

A cross-platform Flutter application that offers complete access to over 10 investment portfolios managed by experienced analysts. The app provides comprehensive information on stocks, bonds, and ETFs (exchange-traded funds), along with key stock market indicators. Additionally, it includes analytical reviews of companies and industries, news and key events, and rationales for investments.
Customer relationship management system (CRM), content management system (CMS), and server part.

Once we received all the required information from the client, our team, which included a tech lead, a frontend developer, a DevOps engineer, and a QA specialist, began working on the project.

Audit process

We started by creating a comprehensive audit plan to define the scope of work. We identified key areas to review – backend, frontend, DevOps, and penetration testing – and created a step-by-step audit plan for each.

Backend:

static code analysis;
analysis of the application core to assess implementation quality;
evaluation of security measures; analysis of architecture and data storage structure;
review of application implementation approaches (including generally accepted practices, SOLID, DRY, KISS, etc.);
assessment of dependency relevance (i.e. relevance of library versions);
local application launch;
and report of results and conclusions.

Frontend:

static code analysis;
checking the approaches and implementation of the front-end part of the application;
checking approaches to CSS implementation;
analysis and evaluation of the main approaches to ensuring security;
verifying the relevance of the libraries used;
launching the application locally;
and report of results and conclusions.

DevOps:

infrastructure performance check, including virtual network and application server;
analysis of the implementation of the IaC approach;
analysis of CI/CD processes, including assembly, delivery, and application integration;
database settings and load compliance check;
analysis of the approach to storing and transmitting sensitive data;
audit of configurations and monitoring/logging systems;
audit of backup and recovery processes;
deployment of the infrastructure locally or in test mode;
description of results and conclusions;
compilation of a list of recommended services and tools to use or integrate.

Audit findings

Our specialists identified the following issues that need to be addressed:

The incorrect configuration of the orchestrator caused issues with system scaling according to the workload. As a result, computing resources were not utilized efficiently.
Basic protection against DDoS, available on the Cloudflare service, was enabled. This feature helped prevent small attacks but did not provide protection against more sophisticated and massive attacks.
The core functionality of the system was not adequately covered by automatic functional and integration tests. As a result, errors and issues in the system, whether they were new or existing, could remain undetected until they reached end users. Moreover, the delivery of new features took longer because cyclic regression testing was required.
Infrastructure as Code (IaC) was not implemented, making it harder and more expensive to maintain and update the infrastructure.
The lack of up-to-date documentation, including both technical and functional requirements documentation, caused implementation issues and hindered proper project testing.

Recommendations

We proposed a step-by-step plan for implementing the recommendations to the client, based on our findings.

Address issues related to the configuration of the cloud infrastructure, specifically the settings for the orchestrator, database, and file storage.
Upgrade to the paid version of Cloudflare and update SSL certificates.
Expand automated functional test coverage; develop a minimum set of automated integration tests at the system module level and make their execution mandatory to ensure the quality of new updates being delivered to the production environment.
Switch to infrastructure as code (IaC) standard.
Update the technical and requirements documentation.

Results

Our team identified some issues and gaps in the app’s code and infrastructure that were impacting its quality and increasing support costs. Once the audit was completed, we thoroughly discussed our findings with the client and explained their role. We also offered a comprehensive, step-by-step plan for fixing the identified issues. By implementing our recommendations, the client was able to ensure that their application was functioning properly and significantly reduce costs for product support.

Want to assess quality of your software? Contact us to identify and fix potential issues.

Related Projects

All Projects

Financial Data Analytical Platform for a Large Investment Management Company

Fintech
Enterprise
ML/AI

AI-based data analytical platform for wealth advisers and fund distributors that analyzes clients’ stock portfolios, transactions, quantitative market data, and uses NLP to process text data such as market news, research, CRM notes to generate personalized investment insights and recommendations.

Python
React.js
Django
Azure

Automated Stock Trading Platform

Fintech

An automated, real-time trading system that allows administrators to configure trading strategies based on various technical indicators, and investors to invest their money in a selected strategy.

Python
React.js
AWS

App for Getting Instant Loans / Online Lending Platform for Small Businesses

Fintech
ML/AI
Credit Scoring

Digital lending platform with a mobile app client fully automating the loan process from origination, online loan application, KYC, credit scoring, underwriting, payments, reporting, and bad deal management. Featuring a custom AI analytics & scoring engine, virtual credit cards, and integration with major credit reporting agencies and a bank accounts aggregation platform.

.NET
Swift
Azure

Mobile Banking App for Migrants

Fintech

A mobile banking app for migrants designed to facilitate monetary transactions like financial help to families, getting paychecks early, microloans, etc.

.NET
iOS
Android
Swift

White-Label Mobile Banking App

Fintech

A white-label mobile banking application for a Silicon Valley-based digital banking services provider.

Node.js
Swift

Wealth Management Platform

Fintech

Wealth management platform connecting investors with a professional wealth-advisory company, allowing investors to answer a questionnaire and receive either a recommended model portfolio or a custom-tailored individual portfolio, that is further monitored, rebalanced and adjusted by a professional wealth-adviser based on the changing market conditions and client’s goals.

.NET
Angular 5

AI-Powered Financial Analysis and Recommendation System

Fintech
ML/AI

The system uses machine learning techniques to process various content feeds in realtime and boost the productivity of financial analysts and client relationship managers in domains such as wealth management, commercial banking, and fund distribution.

Ruby on Rails
Python
Node.js

Algorithmic Intraday Stock Trading System – Stock Trading Bot

Fintech

Machine learning can automatically create and refresh an algorithm for solving a complex problem based on a large volume of data. It’s not necessary to search for business-important patterns. Instead, a team of qualified professionals should prepare the right data set for training and automate the entire data processing and application process. But at the same time, it is very important to ensure the quality of data and continuous quality control of algorithms.

.NET
React.js

Contact Form

Drop us a line and we’ll get back to you shortly.

For Quick Inquiries

[email protected]

Offices

United States

8, The Green, STE road, Dover, DE 19901

Poland

Żurawia 6/12/lok 766, 00-503 Warszawa, Poland

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Services

Other services