Discovery phase for Counter Tools
Software audit and BA processes expertise
DevOps expertise
Seamless security certification
Project overview
Counter Tools has worked with a web and mobile development team to deliver a software solution to California’s Department of Justice for the past few years. As of 2022, the project is in its maintenance period. The major near-term app-level enhancement would involve automation of the current human involvement in data merger conflicts. The California Dept of Justice wants to improve throughput and capacity for the built solution. In addition, the solution has to be compliant with the security protocols. The key needs for Counter Tools SaaS product lines include app-level feature enhancements; Django web framework upgrade; Cloud Controls Matrix protocol review and adoption where applicable; SaaS availability, uptime, reporting procedure review; penetration tests, and ethical hack methodology process.
Client information
Counter Tools is a US-based non-profit company and software tools provider that assists public health organizations in pursuing policy, systems, and environmental interventions that create healthier retail stores and neighborhoods. The company empowers communities to become healthier by helping public health practitioners and community members collect data on their local retailers, visualize disparities using maps, and mobilize for policy change.
Team composition
5 members
Client name
Counter Tools
Expertise used
Cloud solutions
Duration
1 month
Services provided
Discovery phase, Software audit, DevOps, Manual testing
Country
United States of America
Industry
Government
Business challenge
Counter Tools is committed to ensuring customer data integrity and security. The company had to find software security testing specialists to do penetration testing. So, the Counter Tools team asked us to help them prepare for penetration testing.
Technical challenges
This project needed high-level specialists in Business Analysis, Software Architecture, DevOps and Security engineering. We had to figure out how Counter Tools’ frontend and backend worked to recommend the right software testing strategy. So, we have successfully conducted a discovery phase and provided our findings to the client.
Solution delivered
During the discovery phase, DICEUS reviewed and assessed the Counter Tools’ documentation, source code, DevOps, DevSecOps, and QA strategies and processes. As a result, we delivered the discovery phase report that included gap analysis and all the findings. It consisted of the research objects, a code review summary, CI/CD processes analyses, BA summary, and recommendations. In addition, the functional specification, user story templates, and possible enhancement were presented. The other part of the project’s deliverables were recommendations on the security certification plan, high-level security recommendations for penetration testing, SoW of security consulting, gap analysis, and AWS Cloud security assessment.
Claim a 30-minute talk with our experts and get a step-by-step strategy for your project for free!
Key features
Code review summary
Our team did front-end and back-end code review, also referred to as software audit. As a result, the client received our recommendations on enhancements, SDLC best practices, test coverage, static analysis for code, and automatic tools for code review.
Requirements formalization
As part of our involvement into the project, we defined and offered an approach to requirements approval by the customer, set a level of requirements abstraction, and explained how to trace whether initial requirements are aligned with the requirements released.
CI/CD pipeline
We analyzed CI/CD processes the client had and provided some summary on how to better transfer code repositories from GitHub and build deploying processes from TravisCI to AWS tools (CodeCommit, CodePipeline, CodeBuild).
Security process recommendations
The client got recommendations on security certification plan, application security high-level recommendations, and penetration testing strategy.
Value to our client
Software audit and BA processes expertise
Based on the analysis results, code enhancement recommendations were presented. If implemented, the code improvements can significantly affect the quality of software maintenance processes.
DevOps expertise
The automation of software code testing during development can reduce the cost of identifying and fixing bugs after release by up to 30%.
Seamless security certification
The developed security certification plan can significantly reduce the costs of certification preparation and make the process smooth.
Our tech stack
Python
Django
AWS
PostgreSQL
Travis CI
Django REST
Celery
Client feedback
I was impressed by the knowledge, skill, and professionalism that led the DICEUS team to successfully perform under unique circumstances and meet all of our needs. I also found the internal processes and structures you had in place to manage this engagement exceptional. The execution of your internal processes (document review, in-depth and probing questions, demonstrable industry experience, etc.) served to demonstrate your teams’ expertise in this space. That gave me confidence in DICEUS’ ability to handle complex development tasks and other activities that may be in Counter Tools’ future. Thank you for the experience and your support.
Ernest Hudson, Director, Systems Analysis and Delivery
