OX.Security

Active Application Security Posture Management (ASPM) platform for app risk scanning, analysis, and automated mitigation
Staff Augmentation
Cybersecurity
Description

OX Security offers cybersecurity solutions leveraging advanced encryption and proactive threat detection to protect digital assets from evolving threats. With real-time monitoring, vulnerability assessments, and incident response services, clients ensure comprehensive protection against cyber risks.

Project Background

With its state-of-the-art cybersecurity solutions, ox.security sought a skilled team to guide product development and initial design decisions from a technical standpoint. Additionally, assistance was needed to optimize and enhance technical solutions within the project, along with establishing fundamental cybersecurity policies.

Project Goals
  • Refine and optimize existing vulnerability scanning algorithms to improve accuracy and efficiency.
  • Develop and implement advanced cybersecurity policies aligned with current industry standards and best practices.
  • Strengthen the developer team: foster a product-oriented mindset, encouraging independence and engineering excellence among team members.
  • Expedite feature evaluation and implementation: establish a streamlined process for evaluating and prioritizing new features critical for securing contracts with prospective clients.

Tech stack

JS, TS, Nest, Python, Mongo, Redis, Bull, AWS, Azure, GitHub, GitLab, Bitbucket, Node, Express, GraphQL

Feature List

Our developers have contributed to various client projects, undertaking tasks such as:

  1. Optimizing repository scanning processes and algorithms:
    • Implementing client repository scanning after pull requests are merged, limited to new commits.
    • Conducting pipeline scans and pull request scanning.
  2. Integrating with various platforms such as GitHub (including GitHub Actions and GitHub Apps), GitLab CI/CD and GitLab Hooks, Bitbucket Pipelines, Azure DevOps, and Jenkins as part of pipeline scans.
  3. Developing an internal service for optimizing distributed file system operations.
  4. Creating a new service to present analysis results data graphically.

Key Solutions
  • Integration and Compatibility: Our objective was to ensure seamless integration and compatibility between various systems. We successfully integrated scan pipelines with GitHub Actions, GitLab CI/CD, Bitbucket Pipelines, Azure DevOps, and Jenkins, utilizing Docker containers for specific systems. Furthermore, we accomplished integration of GitHub Apps, Bitbucket Apps, and GitLab Hooks through a Nest.js service, facilitating direct scan report delivery to respective platforms.
  • Scanning Process Improvement: We implemented scanning of clients' repositories after merging pull requests and introduced pipeline scanning. This focus on detecting vulnerabilities before release, known as the "shift left" approach, aimed to enhance the overall security posture. Additionally, we optimized efficiency by modifying existing services to enable scanning of specific repository commits rather than the entire repository at once.
  • Internal Service Development: We created an internal service aimed at optimizing operations with distributed file systems. This initiative led to significant reductions of unnecessary operations and costs for clients, while simultaneously improving work speed and processing efficiency.
  • Visualization Service Development: We created a new service using Nest.js and GraphQL to visualize analysis results data in graph format, simplifying the identification of vulnerabilities and attack vectors within client repositories. This streamlined approach facilitates a clearer understanding of application security.
Client today
  • More than 500 features were released
  • Named One of the World's Best Cybersecurity Startups
  • Managed to raise funds from Microsoft's Venture Fund, Team8, IBM Ventures, Intel Ignite.
  • More than 2k stars and 205 forks on GitHub