AironWorks: Redeveloping a SaaS platform for simulating phishing attacks

Helping AironWorks rebuild a platform that reinforces the most vulnerable element of a company’s cybersecurity: its people

About the client

AironWorks is an Israeli–Japanese cybersecurity awareness startup that distributes a SaaS-based AI-enabled platform for simulating phishing attacks. AironWorks is a promising pioneer in this domain and was the only company to take home two platinum awards at TechCrunch Tokyo 2021.

About the product

  • AironWorks simulates phishing attacks targeting employees. These attacks might be focused on employees themselves or on the company as a whole and can be executed via email, SMS, social media messages, and website URLs.

  • CHALLENGES THE CLIENT FACED AFTER A SUCCESSFUL LAUNCH

    Shortly after the product launch, the AironWorks team realized that they attracted more customers than expected, which highlighted the need to:

    • enhance the product technologically so it would be capable of serving more customers and providing them with better performance and stability
    • add new critical functionality, which, according to the customers’ feedback, the platform lacked
    • relaunch their existing customer-facing app with version 2, with a refined and more user-friendly UI/UX — which was to raise interest among bigger companies across various domains, and make the product an industry-agnostic cybersecurity training tool

    AironWorks was built by experienced developers who previously worked in the Israeli Intelligence Corps of the Israel Defense Forces. To make sure team members were all at the same professional level, rather than expand the size of the team, they decided to partner with an outsourcing software engineering company that would:

    • quickly find the necessary specialists, augment the team with them, and onboard them to the project
    • have strong project management skills and be responsible for managing the outsourced team’s work, providing reports, and facilitating communication between parties
    • conduct an in-depth product investigation and identify the solution’s business logic, technological requirements, and drawbacks with the aim of further refinement
    • be able to develop and deliver a new customer application in a short time to present it to a new target audience according to approved plans

    To our delight, AironWorks recognized our professionalism and business approach and decided to partner with Yalantis on the basis of clients’ feedback and past projects we’ve worked on.

Results achieved with Yalantis

    • A new customer application with improved business logic, user experience, and performance
    • An interface optimized for the US market
    • New documentation and development approaches that allow for effective and efficient product development and business scaling


    Here’s what we did to help AironWorks achieve these results:


  • Yalantis helped the client develop a new customer application that is easy to use and convenient for new markets. Below are the steps we took.

     

    Going beyond the customer app

    During the first stages of working on the solution, our team determined that the way they planned to enhance the functionality required more than independent development of a new customer application.

    The Yalantis team needed to:

    • hone the application’s business logic to eliminate inconsistencies
    • think through, design, and strategize the development of a new application and implementation of new functionality in a way that wouldn’t affect the work of the existing application
    • make sure that new functionality would work properly and stably in the current customer application
    • refine the back end to ensure smooth operation of both versions of the customer application

     

    Investigating and fixing business logic gaps

    Before development started, our business analyst performed reverse engineering to:

    • understand how the product worked
    • see what goals each feature served and how each feature was executed
    • identify gaps and inconsistencies in business logic and offer solutions in cooperation with developers
    • design the feature map, describe the business logic, and present a strategy for implementing new functionality together with the development team

    After this, we started working on the client’s initial request – developing a new customer-facing web application.

     

    Improving the technology stack to reflect modern UI standards

    The new version of the customer application had to reflect modern UI standards and trends in order to attract more customers. That’s why we decided to change the technology stack.

    We moved to the new technology stack because:

    • TypeScript helped us simplify a lot of legacy code written in JavaScript, and improve the application’s performance, making the app work smoothly even with an increasing number of users.
    • Writing the new codebase in TypeScript helped us ensure quick and stable platform performance and prepare the solution for implementing further functionality.
    • Material UI offers crucial characteristics we needed in this project — high velocity and customization — and it’s the best fit for React. We created our own styles based on Material UI, as it visually resembles the current application. Thanks to this, customers will intuitively understand the flow after migrating to the new version.
    • React Query enables simpler API management, smoother edge case handling, and data caching without state management tools. Also, this library enables flexible communication between the server and the client.

    In addition, we reworked the scenario editor and the scenario launching process. We made it easier to launch scenarios by adding new attributes, distinguishing steps, and giving users the opportunity to check each step before finishing the scenario.

    At the client’s request, we also worked on partially refactoring legacy code on the back end.

     

    Ensuring the app’s stability via legacy code refactoring

    Initially, the back end was written in Python with the Flask framework. We decided to supplement it with the asynchronous FastAPI framework. This allowed us to process requests asynchronously and reduce the load on the servers. We’ve also been rewriting some parts of the code to simplify it and reduce its size.

    Changes implemented have allowed for:

    • better platform stability under high load conditions
    • easier onboarding of new specialists, as we broke everything down into modules and documented relationships between them and the way they work
    • easier bug identification

    Now, we are working on full-scale legacy code refactoring.

  • We localized the solution in preparation for entering the US market by:

    • making the processes of creating scenarios, settings, and configurations inside the application understandable and natural for English speakers
    • implementing the ability for each employee to choose a language
    • adjusting the language of notifications based on an employee’s preference
  • For this, the Yalantis team:

    • Implemented and configured CI/CD processes. Implementation of CI/CD processes allowed us to:
       – control product deployment
       – avoid deployment of low-quality or buggy code
       – reduce the time to market, as continuous deployment helps us deploy new functionality and fix bugs quickly.
    • Ensured high code quality through testing. All product testing is done on our client’s side. However, according to Yalantis’ principles of work, our developers conducted unit and integration tests.

  • We created documentation for easier onboarding of new specialists. Considering that the product is growing, we had to ensure that new developers would be able to start working on it quickly. To facilitate the onboarding process, we:

    • created a “Getting started” section in documentation to help newly onboarded developers start the project locally on their devices and quickly delve into the project specifics
    • described the reasons for decisions made and UI components used
    • provided recommendations regarding future decisions and conventions to follow in order to consistently develop new features

Future plans

  • We’re still working on the project with the client’s team and plan to:

    • Implement new functionality; specifically, add scenarios for new email phishing attacks through fake login forms and attachments
    • Release a new customer version of the application with an updated dashboard and extended statistics
    • Deploy the infrastructure from scratch with Terraform to ensure smooth and stable solution scaling
