Complex Database Layer: The platform's complex database layer and an extensive number of files created challenges for comprehensive vulnerability identification and resolution.
Lack of Update Processes: There was no standardized process for regularly applying third-party and other security vulnerability updates, so a robust and efficient approach had to be developed.
Module Coordination: With over 100 modules managed by different teams, effective coordination and streamlined delivery of monthly releases became imperative.
New Tools Adoption: Learning and integrating multiple security tools like Veracode, Checkmarx, and NexusIQ required quick upskilling and careful implementation.
Framework Changes: The team worked diligently to achieve the initial framework modifications within the agreed timeline, ensuring minimal impact on existing functionalities.
Minimal-Impact Framework: We developed an efficient framework that required minimal changes to existing architecture while ensuring security compliance.
Third-Party JAR Management: Collaborating with Nasdaq management, we implemented a process to identify and fix third-party vulnerabilities with minimal disruption.
Automated Scanning: Automated security scanning was established to identify vulnerabilities swiftly and consistently across the platform.
All identified vulnerabilities have been resolved, with newly discovered ones being addressed within a month.
New frameworks ensure that no new vulnerabilities are introduced, securing the platform against future threats.
The team has grown from 3 to 10 members and is now entrusted with additional upgrade and maintenance responsibilities.
Individual and team efforts have been consistently recognized and appreciated by Nasdaq for their diligence and impact.
Java
Spring
Hibernate
Oracle
PostgreSQL
Checkmarx
Cucumber
Elasticsearch
JUnit
NexusIQ
SonarQube
Veracode
Jenkins
Gradle
JBoss
Apache Tomcat
Docker