Lifeguard provides continuous penetration testing that helps to minimize security risks
So-called snapshot-in-time security checks are not effective in modern environments because they do not provide up-to-date information on security weaknesses, which can leave many companies and products at risk. Lifeguard takes a new approach to security testing: its main difference is that it continuously scans private networks for vulnerabilities.
The product consists of two applications: a scanner and the client application. Scanners are installed in clients' networks, perform scans on a predefined schedule, and send the results to the main app.
The main (client) app includes a website where clients can log in, review the vulnerabilities found, mark some of them as fixed or known, assign vulnerabilities to developers for a fix, and leave comments. There are also settings for editing the scanning schedule, setting times when scanning should not be performed, etc.
Both the scanner and the main application are written in Python, with the Django framework as a basis. We used Celery to run periodic tasks, Postgres as the database, and Redis to store the cache. Apart from Celery, the scanner app uses SQLite as its database and SQLAlchemy as its ORM. It launches ping scans to check which hosts are available, uses the `nmap` utility to scan for available ports, and uses Nessus to search for vulnerabilities.
When the client came to us, some work on the product was already in progress, so we had to deal with code written by another team. The main difficulty was that some app components contained outdated logic and had a complicated structure due to a lack of refactoring. It took some time to figure out the logic pipeline and refactor the source code.
Another interesting piece of work was providing encryption for all of the main application's URLs. Some of this had to be done manually, to check that all URLs are encrypted and work as expected.
The DevelopsToday team likes uncommon products that make this world better, and Lifeguard is a good example of such a product. It was a pleasure to work and cooperate with the client. We managed to achieve great results and release the product on time. While working on the security scanner, our engineering team learned a lot of useful things that they are ready to apply in future projects.
Full Stack Developer – Vladislav N.
Product Manager – Dmitriy T.