Discovery phase for Counter Tools
Project overview
Counter Tools has worked with a web and mobile development team to deliver a software solution to California’s Department of Justice for the past few years. As of 2022, the project is in its maintenance period. The major near-term app-level enhancement would involve automation of the current human involvement in data merger conflicts. The California Dept of Justice wants to improve throughput and capacity for the built solution. In addition, the solution has to be compliant with the security protocols. The key needs for Counter Tools SaaS product lines include app-level feature enhancements; Django web framework upgrade; Cloud Controls Matrix protocol review and adoption where applicable; SaaS availability, uptime, reporting procedure review; penetration tests, and ethical hack methodology process.
Client information
Counter Tools is a US-based non-profit company and software tools provider that assists public health organizations in pursuing policy, systems, and environmental interventions that create healthier retail stores and neighborhoods. The company empowers communities to become healthier by helping public health practitioners and community members collect data on their local retailers, visualize disparities using maps, and mobilize for policy change.
Business challenge
Counter Tools is committed to ensuring customer data integrity and security. The company had to find software security testing specialists to do penetration testing. So, the Counter Tools team asked us to help them prepare for penetration testing.
Technical challenges
This project needed high-level specialists in Business Analysis, Software Architecture, DevOps and Security engineering. We had to figure out how Counter Tools’ frontend and backend worked to recommend the right software testing strategy. So, we have successfully conducted a discovery phase and provided our findings to the client.
Solution delivered
During the discovery phase, DICEUS reviewed and assessed the Counter Tools’ documentation, source code, DevOps, DevSecOps, and QA strategies and processes. As a result, we delivered the discovery phase report that included gap analysis and all the findings. It consisted of the research objects, a code review summary, CI/CD processes analyses, BA summary, and recommendations. In addition, the functional specification, user story templates, and possible enhancement were presented. The other part of the project’s deliverables were recommendations on the security certification plan, high-level security recommendations for penetration testing, SoW of security consulting, gap analysis, and AWS Cloud security assessment.
Let’s discuss how we can help with your project
Key features
Code review summary
Our team did front-end and back-end code review, also referred to as software audit. As a result, the client received our recommendations on enhancements, SDLC best practices, test coverage, static analysis for code, and automatic tools for code review.
CI/CD pipeline
We analyzed CI/CD processes the client had and provided some summary on how to better transfer code repositories from GitHub and build deploying processes from TravisCI to AWS tools (CodeCommit, CodePipeline, CodeBuild).
Requirements formalization
As part of our involvement into the project, we defined and offered an approach to requirements approval by the customer, set a level of requirements abstraction, and explained how to trace whether initial requirements are aligned with the requirements released.
Security process recommendations
The client got recommendations on security certification plan, application security high-level recommendations, and penetration testing strategy.
Value to our client
Our tech stack
Python
Django
AWS
PostgreSQL
Client feedback
I was impressed by the knowledge, skill, and professionalism that led the DICEUS team to successfully perform under unique circumstances and meet all of our needs. I also found the internal processes and structures you had in place to manage this engagement exceptional. The execution of your internal processes (document review, in-depth and probing questions, demonstrable industry experience, etc.) served to demonstrate your teams’ expertise in this space. That gave me confidence in DICEUS’ ability to handle complex development tasks and other activities that may be in Counter Tools’ future. Thank you for the experience and your support.
