Project Summary for Synergy

Briefly about the team

Synergy is a multinational team of IT students, each of us contributing a diverse range of skills and backgrounds. From artificial intelligence to cybersecurity, our interests span a wide spectrum, offering various viewpoints to address potential challenges. Our objective is to use our individual talents in delivering custom-made solutions to meet the requirements of our client. Although we are still in the process of mastering our roles, we are dedicated to expanding our skill sets and enhancing our expertise throughout the project's duration. Together, Synergy is committed to pursuing quality, ensuring that our project benefits from our collective wisdom and innovative perspectives.

What did the customer order?

Combitech, a prominent technical consulting company under Saab AB's umbrella, has tasked us with refining key features of the Tukko Traffic Visualizer application. Originally developed in a prior course (WIMMA lab), this application plays a fundamental role in Future Factory 2024's project assignments. Combitech's specific request was to deliver an improved iteration; Tukko v2.0, that aligns closely with their expectations for enhanced functionality and performance.

What was the focus and how did the work progress?

Team Synergy's primary focus was on improving the user experience and interface, implementing security features, and addressing vulnerabilities in the application to safeguard against potential security threats. Throughout the project, we worked on enhancing web app accessibility, refining dark mode colors, and ensuring color contrast for users with color blindness.

Additionally, we prioritized the implementation of security measures to protect the application. Our roadmap involved structured sprints lasting two weeks each, with daily scrum meetings. Over seven sprints, we used collaborative tools such as Teams and GitLab to facilitate effective communication and project management.

Used resources

Throughout the project, Team Synergy utilized a variety of resources to facilitate development and collaboration. These resources included:

• Open Project Framework (OPF): template used for project documentation.
• React: A JavaScript library for building user interfaces.
• MongoDB: A NoSQL database used for storing and managing data.
• TypeScript: A typed superset of JavaScript that compiles to plain JavaScript.
• Redis: An in-memory data store used for caching and session management.
• Express.js: A web application framework for Node.js used for building RESTful APIs.
• Node.js: A JavaScript runtime environment used for server-side development.
• REST API: A standard protocol used for building web APIs.
• Vite: A build tool for modern web development workflows.
• Docker: A platform for developing, shipping, and running applications in containers.
• Collaboration Tools: Teams, Zoom, and GitLab were used for communication, meetings, and version control.
• Integrated Development Environment (IDE): Visual Studio Code (VSCode) was used as the primary code editor.
• PlantUML: A tool for creating UML diagrams to visualize system architecture and design.
• cPouta cloud services: an IaaS cloud computing service. It allows its users to access, use and manage virtualized infrastructure using a self-service model
• Nginx: a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.
• ModSecurity: is an open-source web-based firewall application (or WAF) supported by different web servers: Apache, Nginx and IIS.

These resources played an essential role in supporting our development process, enabling effective collaboration and the successful execution of our project goals.

What was achieved?

Team Synergy achieved several significant goals and milestones during the project.

1. We were able to improve the Tukko Traffic Visualizer application's user interface and experience, making it more accessible to all users. We implemented features such as a colour blind mode and better dark mode colours to ensure a smooth user experience. Additionally we began to implement a Norwegian localization of the application UI, although some translations are still missing from the final product.

2. We improved the security profile of the application by adding several new security features and fixing vulnerabilities found while testing. Preventative measures included securing traffic to the application containers by implementing a dockerized web application firewall solution utilizing Nginx with ModSecurity, automated vulnerability scanning pipelines, and server hardening.

3. In order to make the application accessible to users with a range of requirements and abilities, we also added web app accessibility measures in compliance with the WCAG 2.2 standard. The goal of this inclusion effort was to ensure that the usability of the Tukko v2.0 application remain equally accessible to all users regardless of ability.

Furthermore, we improved a number of the application's existing features through continuous revision and development throughout the project life cycle.

Demo

Below is a sneak peek of a few features that were implemented and showcased during our demo day, but for more detailed information we warmly welcome you to visit our demo page and leave feedback on any improvements we could make!

A small demonstration of some accessibility features:

Fail2Ban preventing brute-force attacks on the server ssh logins:

Norwegian localization

Security dashboard with SAST, DAST and dependency scanning enabled:

Better dark mode colours:

ModSecurity WAF in action:

Test results

See the test results for each feature below:

• Testing dark mode colours for FEA106

• Testing colour blind contrast for FEA110

• Testing the changes to branding

• Testing automated vulnerability scanning for FEA403

• Testing the automated security pipeline for FEA405

• Testing server access control for FEA407

• Testing the web application firewall for FEA409

Problems

While overall our project ran smoothly from beginning to end, we did encounter certain setbacks during the course of the assignment.

• We initially had very ambitious plans for our feature roadmap, but we failed to take into account the shorter duration of sprints coinciding with holidays. This led to delays in the implementation process, forcing us to revise our feature release schedule and place certain features, such as container hardening, in the backlog.

• Additionally we had some issues with the servers and Docker containers running the application, which led to many hours spent in troubleshooting and reconfiguration.

• Certain features proved to be larger in scope than originally estimated, and as a result we had to simplify our planned solutions in order to deliver the product on schedule.

The personal obligations and varying schedules of our team members also placed a constraint on the time that was available for working together.

Achievements

• Getting a deeper understanding with the Agile framework
• Working in a team with different roles and responsibilities
• Using Gitlab as a tool for efficient task handling
• Creating documentation vital to a project such as a detailed project plan, a deeper requirement specification and additionally considerations on each feature, communication plan, definition of done, risk management plan, master test plan
• Understanding the general workings of, syntax and dependencies of Tukko v1.0
• Implementing dark mode colors by using css filters, and limitations to map tiles that can be costly
• Having a focus on color contrast and balance using WGAC 2.1 guidelines
• Sec features etc

Detailed analysis of achievement outcomes

Initially in the development of Tukko, we narrowed down the scope of our goal based on our interests, skills and those feasible to learn and implement within the given timeframe. A particular field of focus was team dynamics and adhering to our roles, as despite lasting for 7 sprints the actual working-time for our team were limited by other projects and scheduled vacations from JAMK.

A daunting task was to create the framework of our projects documentation. While most had previous experience in both projects and documentation, it was still cruical to spend time familiarizing new topics and also making sure we were pointing the discussions and documentation to best align with our goals. These were primarily to the enhancements of Tukko, however importantly, as a new team we spent equal amount of time and resources on learning, getting to know, and improving how we as a team could work together.

Setting up guides showed to be rewarding, both for those creating and learning new methods, and for those making use of the guides to quickly get work done. Adhering to our branching rules, understanding security aspects and having a focus on safe implementation of features.

What we learned as a team

Our team learned many important lessons throughout the project, improving our collaboration as well as our technical proficiency.

1. Collaborative Problem Solving: We discovered how important it is to approach difficult issues in a team environment. The different perspectives and areas of expertise that each team member contributed resulted in creative solutions and more effective problem-solving when combined.

2. Communication Is Key: Maintaining constant communication was essential for keeping everyone in the loop. We found that having regular, transparent communication helped avoid misunderstandings and made sure that everyone on the team was informed of any updates or changes to the project.

3. Time Management: The third significant lesson we learned was managing our time efficiently. We were able to stay on track and modify our priorities as necessary by sticking to our sprint schedules and daily meetings, which helped make sure that important tasks were finished on time. Adjusting to Change: Throughout the project, we ran into unexpected challenges that called for our adaptability and flexibility. Maintaining the project's momentum required us to have the capacity to change course and modify our plans according to these hurdles.

4. Improvement of Technical Skills: We improved our technical understanding of the technologies we employed, including security protocols, accessibility guidelines, more experience in programming languages, and practical experience on the Linux command line since our main server was a CLI Ubuntu. This real-world experience has prepared us for upcoming tasks and challenges in the workplace.

5. Security Awareness: We learned the importance of protecting digital assets by establishing strong security measures. We now understand that maintaining application security against new threats requires constant effort.

Ultimately, the project was about more than just producing a good product; it was also about us developing as a team and as individuals in our careers, because of the lessons we learned during this project, we are now better prepared to handle similar tasks in the future.

Future roadmap

Features we would hope to implement in the future include:

• Compare Different LAM Stations Side by Side

• Improve Web App Accessibility Measures

• Localization for Swedish

• Enforce Secure Coding Practises

• Harden All the Containers

Additionally we would like fix all the vulnerabilities found during the automated security scans, implement the ZAP vulnerability scanner in the security pipeline, and add the missing translations for the Norwegian localization feature.