DevSecOps Service for Airport Operations Management Platform

The Sigma Software team inspected over 96K lines of product source code, helping our Client verify & strengthen the security framework of their web-based platform for civil aviation.
Customer:
Airport-management solution provider
  • Business Need

    The Client’s airport management platform was rapidly growing, and they wanted to ensure its security level aligned with both evolving standards and the company’s business needs. So, INPUT SOFT sought a partner to assess the security of the code and identify areas for improvement.

  • Result

    INPUT SOFT eliminated high-impact security risks and enhanced their entire cybersecurity framework. Our team helped the Client not only identify vulnerabilities and suggest remediation steps but also perform a follow-up security scan to verify that no previous issues remained.

We are delighted with the scan’s effectiveness in enhancing our platform's security
Anastasiia Smyk
CEO
INPUT SOFT

Collaboration Overview

Key Facts

INPUT SOFT owns a web & mobile platform that helps aviation companies put legacy and paper-based processes on digital rails. As a fast-growing startup, they wanted to build security excellence early on and engaged our team to ensure their product complies with best practices.

We analyzed the Client’s requirements and, based on their business context, suggested the DevSecOps approach as an optimal way to cover their security needs. This allowed us to identify issues down to their source and help the Client lay a solid foundation for long-term security. INPUT SOFT loved the plan, so as a part of the approach, we:

  • Conducted a two-round security code audit to detect vulnerabilities in source code and external system components
  • Documented all the findings and broke down issues by severity in a detailed security audit report
  • Provided general security recommendations and actionable suggestions on remediation steps

As the INPUT SOFT platform is a constantly evolving product, we knew that traditional approaches to security inspection, like audits or pen-testing, might be unnecessarily time-consuming and costly in their case. Thus, we opted to perform a security code audit, combining DevSecOps principles and tools to maximize the efficiency of the assessment.

Since the audit involved activities on different layers, we created a phased roadmap. It helped us streamline the overall process and ensure that no vulnerability remained unmarked. The key phases of the security code audit included:

  • Static Application Security Testing (SAST) to identify vulnerabilities in code and mitigate risks early in the development process
  • Software Composition Analysis (SCA) to inspect external components and dependencies and ensure they are secure, up-to-date, and comply with regulatory requirements
  • Codebase secrets detection to ensure that no sensitive data like passwords or API keys can be exposed

The DevSecOps approach emphasizes continuous monitoring of the security framework, so we planned the reassessment phase from the outset. Thus, once the first audit round was finished, we provided the Client with recommendations on improving security practices and remediation steps to help fix the revealed vulnerabilities.

INPUT SOFT wasted no time and quickly moved to address the issues. This included updating 3rd-party dependencies and implementing secure coding mechanisms. As a result, our second round of security code audit showed that the Client had eliminated the critical flaws in line with our suggestions, which included:

  • Prevention of OS Command Injection to ensure no unauthorized system commands could be executed
  • Removal of hard-coded credentials to mitigate password exposure
  • Correction of permissions assignment to ensure proper access controls
  • Mitigation of SQL Injection risks to secure database queries from attacks
  • Restriction of Cross-Site Request Forgery (CSRF) to block unauthorized actions

Testimonials

Sigma Software's 'Software Security Code Scan' uncovered unexpected vulnerabilities, detected sensitive data in the code, and identified library weaknesses missed by IDE warnings. The final report was clear and allowed our team to address all issues promptly.
Anastasiia Smyk, CEO, Input Soft

In response to evolving aviation regulations, INPUT SOFT initiated a proactive security assessment and partnered with Sigma Software to perform it. Through SAST, SCA, and secrets scanning, we ensured the platform met high compliance standards and helped the Client strengthen resilience and long-term reliability of their product.
Artem Shevchenko, Aviation CoE Lead, Sigma Software
