Software Modernization: Case Study

How We Modernized a Legacy Application

In our work, we see client requirements keep moving on as technology makes immense progress day in and day out. Stable future maintenance and an up-to-date design are a must for every project launched on the digital market.

Not surprisingly, the trend for software modernization is on the rise, as staying afloat requires using new technologies and functionality that are relevant to your target audience. Here a business owner may face quite a serious problem. Out-of-date technologies that were popular, available, or conventional (choose your option) when the project was built turn out to impose restrictions on a project:

  • speed;
  • security;
  • scalability; 
  • structure; 
  • design. 

For a seasoned project, it’s frequently hard to beat young competitors on these criteria. One of the best ways to manage this problem is to think about the update your project might need. Consulting a dedicated web development team is highly recommended to get a professional and scalable look, which will become the first step towards increasing your competitive advantage.


Our Experience of Software Modernization

Project Overview

When our team started working on this project, our task was to build only one feature for an ongoing PPM application written in JavaScript (JS was the best solution for creating similar functionality at the moment). Creating the feature resulted in a long-term cooperation, during which we were mostly working on adding new functionality to launch the product, without a free minute for reviewing and upgrading the code.

This project grew into a large JS application that provides multiple functions, from the Gantt chart to messaging, with more than 30 active users (huge corporations and companies). New functionality is also added upon user requests.

Reasons to Modernize the Application

  • Hundreds of lines of code. At a certain point, our team realized that despite the JavaScript possibilities, it forces us to write too many lines of code that would be difficult to support in the long term. 
  • Increase in users’ requirements. As the application has scaled up from 100 users to 1000, the requirements have increased as well, insisting on boosting the speed of web development. This was exactly the moment to start using the framework instead of writing the typical components & elements ourselves.
  • Change in developers’ preferences. The front-end team has been replaced by the developers, who’ve taken the fresh look at the project bearing in mind the latest technology updates.

We evaluated the situation and estimated the risks, picked Angular as the main front-end framework for modernizing the application, and offered the customer a software modernization solution.

Some of the ‘not so sexy work’ has been a major refactoring of code and system architecture that allows the application to scale from 100s of projects and users to 1000s. This has been successfully undertaken and not impacted existing system users in part due to Jellyfish.tech’s work.

from Clutch customer review

Why Angular

Mostly, the reasons are the same as for making this JavaScript-based framework a part of our technology stack:

1. Progressivity. In addition to having numerous libraries, Angular is continuously updated, so it gives developers a plethora of excellent possibilities. For example, certain libraries reduce the time needed to create template elements and thus let developers focus on new features.

2. Universality. It will be much easier for us to expand the team of developers by offering candidates work on an Angular project rather than on JavaScript applications. In addition, further maintenance and scaling-up are possible only in the Angular environment.

3. Reusable components. This Angular feature allows using the standard set of components (login, sign up, etc.) multiple times. 

4. Strong expertise. Our developers have great experience in working with Angular, so we made the logical decision to use that expertise to build a powerful app for our client.

We’d like to update the technologies used for our tool. We don’t work on the principle of “whatever happens with the project in the future, it’s not our problem”. Our main objective is to deliver a successful project that meets all the demands of today’s digital world. Ultimately, this update is inevitable; the only question is how much we could save for our client by doing it now, not in a month or a year. The sooner we do it, the quicker our client will benefit from the update.

Alex, Frontend Tech Lead

Process

Our primary goal is not only to refactor the code. We work on constant UX enhancement and use the best practices to improve UI. We take the old code only as an example of the functions that should be implemented.

The turning point in deciding to modernize the application was our proposal to change the backend strategy by turning to ASP.NET Core, which will basically result in a deep architecture modification aimed at creating flexible functionality, SSO (Single Sign-On) implementation, and Azure AD join.

Plan

In doing so, the project has to go through a front-end modification to get a better structure.

So, what we’ve done to update the project:

1. Start the projects (we manage both frontend and backend modifications) by creating an Angular environment for the frontend. 

2. Set out structure and routes that are actually a kind of sitemap. As the project is large, we started by building the basic system to manage the parts, highly demanded by users. 

3. Main login page (Zeno.PM provides various login experiences to a user: QR code, SSO, Azure AD, mail, etc.).

4. Project selection interface that a user sees right after signing in.  

Modules

Templates

As I’ve mentioned before, one of the biggest Angular advantages is the possibility to create one template for all typical elements an app has so that a developer does not need to reinvent the wheel each time. 

State manager

The complex yet necessary component of a large application that helps track the app state. From the page filters to the data stored locally for further use, the state manager allows taking control over all the processes, thereby simplifying working with the application.

Admin panel 

In close collaboration with the customer, we’ve prioritized the modernization of the application components, and the admin panel was the first. For now, our team continues modernizing the admin pages, transferring their functionality as well as working on their configuration and different services.

Special features of the update

The biggest particular feature of this project is the live audience, so we develop new functionality and rewrite the old code simultaneously. The process is designed so that only certain modules are involved at a time, without interfering with the project’s viability. What is more, we have a good chance to involve real users in testing any updates; this way, we get valuable real-time feedback from a live audience that helps us introduce improvements right away based on customer experience. Although not every user has access to the Angular admin panel for now, its release is eagerly awaited!

Bottom Line

The expertise of our developers’ team enables us to provide the most appropriate solution based on your type of project, budget, demands, and general expectations. 

Jellyfish.tech cares about your project not only during the development process itself: the further maintenance, viability, and prospects of a project we take on matter to us as well. In our humble opinion, this is the only approach that has a right to exist on the digital market of today. We do not deliver poorly designed apps, we don’t take projects only for making money, we don’t let things slide. Creating a quality project for you that will be bound to succeed is above all.

Small Business Cybersecurity Tips for 2020

Cyber Security Tips for Small Businesses

The topic of cyber security for small businesses is of particular importance for the Jellyfish.tech team, as we faced it directly while launching our website.

At the last stage, after adding most of the content to both the main and blog pages, we had a slight mishap that actually became the reason for creating this post. At a certain moment, our website was no longer available. Having started to fix the situation, our CTO Roman came across the following message in the code:

[Image: ransom demand for the encrypted data, a message from the cyber criminals]

Cybercriminals hacked the database (PostgreSQL) to steal the data. Why did they need the descriptions of our technologies of choice and expertise? To ask for a ransom! 

Unfortunately, the cyber police department is not as strong as we wish it to be, so we had to manage this problem ourselves, ignoring the demand to transfer 0.25 bitcoin. Our content manager had no choice but to re-add the stolen content to the website, wiping away the tears of insult.

We tend to consider this payback for the SQL injection our CTO carried out back when he was a student. He hacked the university website to get an A+ from one of the programming tutors. Is he proud of it? No, but everyone has a past.

Coming back to our question, the problem of cybersecurity for small business is gaining increased relevance these days, and Jellyfish.tech can’t stand by, especially after the things we’ve experienced.

Cyber Security for Small Business: What Is It?

Cyber security is a series of practices aimed at defending systems, applications, networks, and data from digital attacks.

The term cyber security can be applied in multiple contexts, from digital business to mobile computing, and broken down into the following categories:

[Figure: cyber security categories]

Cyber attacks target sensitive data to get money from individual users, companies, and even corporations, or to interrupt business processes.

Enterprises and corporations typically hire in-house cyber security specialists, who may either be part of the IT department or form a dedicated one; they may also check with a consultant or, at least, buy and install sophisticated cybersecurity software.

Frequently, the above-mentioned methods of preventing cyber attacks are not available to small businesses due to high costs and negative ROI. What is more, in most cases business owners in small companies are able to take the necessary security measures through their own efforts, as we have done. Or, to be more specific, as we hadn’t done, so our employee had to redo the work.

Cyber Security Threats Small Businesses Face (and How to Avoid Them)

The rapid pace of digital products and services development provokes more and more criminals into going after sensitive data they might access using even the most common cyber crime attack methods. 

Knowledge is power, so we strongly hope the information in this post will help you prevent cyber attacks.

Ransomware

Imagine cyber criminals have stolen all the data from a website and made it go down. If we are talking about a corporate website, this situation is not really a calamity. What if the target website is your main source of income, with hundreds of visitors per day or even per hour? In this case, the consequences of a ransomware attack will be much more devastating.

Of course, criminals will fix what they’ve done only after the ransom is in their bank account (cryptocurrency is one of the most popular demands). Thus, you will have to either add the content one more time, which is quite a resource-consuming process (we were lucky in a way, as our website was new, so we had to upload the content only for several main pages), or pay an arm and a leg to get your website back.

Ransomware actually heads the list of frequent cyber attacks, and most of them target small businesses because of their vulnerability.

Do Backups

Evident? Yes. But DO we really always do it? While we were working on our corporate website, this just slipped our minds! The manager who was leading the project thought the developer was responsible for running backups, and the developer was sure the team lead would take care of it. As you can tell, none of these three really did it. That’s why a backup policy is a must at any stage of working with data.

I run backups every morning and evening, yet I still don’t feel safe

Content Manager of Jellyfish.tech

With trembling hands, she’s running another backup. 

To avoid a similar fate, appoint a “backup” person once and for all to run backups periodically so that the relevant data can be restored at any moment.

Phishing 

Imagine that, while checking the corporate mail, your SMM specialist opens a message saying your Twitter account will be marked as suspicious and deleted unless you confirm your login and password. To do so, the message offers either to re-enter the data into a built-in form or to follow a link to a data recovery page that looks suspiciously like the same page on the original website. The main objective of this message is to get your personal or your company’s sensitive data, making the system more vulnerable. The only acceptable reaction is to delete the message and block the sender. It’s evident, especially when all the websites and services you use prohibit disclosing your personal data to any third parties. You may be sure your employees are well aware of this type of cyber attack by default; what is more, you may be sure you will never fall for that trick. However, phishing statistics suggest otherwise:

“76% of businesses reported being a victim of a phishing attack last year”. 

This number is truly impressive. Phishing attacks are becoming more and more “client-oriented”, if I may say so, and sophisticated enough to scam even a tech-savvy user. Both the number of phishing attacks, which has grown 65% in the last year, and their quality are evolving to draw in a wider audience. CEOs and a company’s key figures appear to be at risk as well; the cyber attacks targeting top management positions have even been called spear phishing in general, and CEO fraud and whaling, to be more specific.

Install Anti-Phishing Software

Email phishing prevention applications are one of the shields that will protect your network systems and the sensitive data of both your company and your workers. Depending on the software type, it may not only protect the corporate mail but also detect and prevent phishing attacks anywhere on the Internet.

Set Up Two- or Multi-Factor Authentication

Enable an additional level of security besides the login and password by implementing two-factor or multi-factor authentication, making it harder for hackers to access the account. Multi-factor authentication is not a sign of mistrust; it is a necessary measure to prevent evolving cyber attacks.

SQL Injection Attack

SQL (Structured Query Language) is used by many servers to manage databases. An SQL injection attack targets this kind of server by injecting malicious code to get sensitive data that can’t be accessed in any other way. It becomes a real problem if a server stores the users’ payment details (card numbers, passwords, etc.) or other private information.

Whitelisting and Blacklisting

Blacklisting removes or replaces malicious characters in user input. Although this method is easier to implement than whitelisting, it may still fail to protect a server as attack techniques evolve.

Whitelisting is the more secure option, as it examines each part of a user input and compares it to the permitted characters.

Either way, regardless of the approach, you will have to work together with the developer to identify and tailor the permitted data formats for the input in order to set up the filters.
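
The difference between the two filters can be seen in code. The following is an added example, not code from the original post: the `posts` table, its rows, the function names and the in-memory SQLite database (standing in for the site's database) are all assumptions. The whitelisting variant also binds the value as a query parameter, which goes one step beyond the filtering described above.

```python
import re
import sqlite3

def make_db():
    """Constructed sample data; in-memory SQLite stands in for the site's database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT, draft INTEGER)")
    db.executemany(
        "INSERT INTO posts VALUES (?, ?, ?)",
        [(1, "Why Angular", 0), (2, "Backup policy", 0), (3, "Unpublished notes", 1)],
    )
    return db

# Blacklisting: strip the characters the filter's author thought of as dangerous.
BLACKLIST = re.compile(r"['\";]|--")

def blacklist_lookup(db, raw_id):
    cleaned = BLACKLIST.sub("", raw_id)
    # The cleaned text is still pasted into the SQL statement itself.
    sql = "SELECT title FROM posts WHERE draft = 0 AND id = " + cleaned
    return [row[0] for row in db.execute(sql)]

# Whitelisting: the permitted format agreed with the developer, here 1 to 9 digits.
POST_ID = re.compile(r"[0-9]{1,9}")

def whitelist_lookup(db, raw_id):
    if not POST_ID.fullmatch(raw_id):
        raise ValueError("post id must be 1 to 9 digits")
    # The value is bound as a parameter, so it never becomes part of the SQL text.
    sql = "SELECT title FROM posts WHERE draft = 0 AND id = ?"
    return [row[0] for row in db.execute(sql, (int(raw_id),))]

if __name__ == "__main__":
    db = make_db()
    constructed_input = "3 OR 1=1"  # constructed; contains nothing the blacklist removes
    print("blacklist:", blacklist_lookup(db, constructed_input))
    try:
        whitelist_lookup(db, constructed_input)
    except ValueError as err:
        print("whitelist rejected input:", err)
    print("whitelist, valid id:", whitelist_lookup(db, "2"))
```

The blacklist version returns every row, including the unpublished draft, because the input needs none of the stripped characters; the whitelist version rejects the same input before any query runs.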

[Figure: the common types of cyber attacks]

Best Practices of Cybersecurity for Small Business

For those who want to prevent the threat, the CTO of Jellyfish.tech has listed the universal cybersecurity advice small businesses may have missed. It isn’t rocket science, however, having these actions listed and discussing them with either a cyber security consultant or a developer is always a good idea. 

Invest in Network Analytics

Permanent network analysis using a custom tool chosen for your industry and company type helps reinforce your digital security.

Perhaps checking our network management tool case will help you understand which features your ideal network analysis application should have. Or a consultation with a specialist may be the best solution for your company. Of course, there are multiple factors to consider before searching for a proper way to manage the network. We could start by answering these simple questions to identify your requirements:

  • What is your area of expertise?
  • How large is your network?
  • What are your expectations from the tool?
  • Are you more focused on visualization or the computation of metrics such as centrality, betweenness, etc.? Or maybe you want to have both? 
  • What is your budget?
  • Who will use this tool on an ongoing basis?

Anyway, it would be much easier to explain what you need to a third party. 

If you’re curious about network management and why it is important, check the post where we discuss it.

Update Software Regularly 

A software vulnerability is one of the most common reasons for cyber attacks. Any breach makes your system a perfect target to steal sensitive data or encrypt the files to ask for a ransom. 

Regular software updates fix the security holes and prevent cyber attackers from encroaching on your sensitive information and that of your users and employees.

Educate Employees

Employees’ education should be at the core of your company’s cyber policy, as people are both the main vulnerability and the main source of defense.

Regular cyber security meetings, where you clearly communicate the impact of cyber attacks and talk about up-to-date ways to prevent them, are an important step towards cyber security.

Meanwhile, you can share these videos to inspire your employees for taking care of cyber security with greater enthusiasm.  

[Figure: ways to improve cyber security for small businesses]

Real-Life Cyber Security Fails

Ashley Madison Hacktivism

Hackers stole sensitive user data from the cheating site Ashley Madison. More than 32 million adulterers’ credentials and credit card numbers were posted to the dark web. A month later, its companion site Established Men, a website for beautiful young women to find a rich daddy, suffered the same fate.

The Worst Smart Padlock

A Canadian startup released a super cool Bluetooth-speaking padlock whose “secret” code could be easily derived from the lock’s network address. The point is that the padlock uses your public MAC address as an access code. As a consequence, a UK penetration testing team succeeded in building a special program able to open any padlock of this company in 2 seconds, compared to the 0.8 seconds the official app required.

But it’s not over yet, as the Greek cyber security specialist Vangelis Stykas shared his own research on hacking the lock on Medium. He managed to add himself as a user to any padlock, get access to users’ sensitive information, and open the lock in 0.8 seconds.

Macron’s Emails Leak

In the spring of 2017, before the presidential runoff in France, hackers posted a collection of links to the archive of the leaked emails of the party “En Marche!”. Sensitive data (contracts, documents, and accounting) was obtained by hacking the email of several key campaign members. 

According to the report of the security firm Trend Micro, Macron’s campaign became the target of the Russian hacking group Fancy Bear. This act is seen as an attempt to demoralize French democracy, just like Russia’s interference in the US election process noticed earlier.