Attack Surface Manager: UX & UI Case Study
ABOUT THE PROJECT
Attack Surface Manager is an application that measures remediation rates and vulnerabilities in software. It provides a SaaS between companies that develop software and the cybersecurity company. The main business is to provide a comprehensive service through the squad plan, where the processes are integrated by teams in each phase. This is called Continuous Hacking. The ideal user for this service is the executive within an organization, and its clients are startups, international banking and financial entities.
THE CHALLENGE
Attack Surface Manager is an application with more than 20 years in production. Its core business has been modified many times by engineers and developers, and it has a very old and unfriendly user interface.
There are no user experience logs, just a short style guide for the interface. So my main challenge is to start implementing a new user experience and interface. Its redesign is an ongoing process and, with recent tests, it is in a phase of improvement every week.
ROLE
UX Designer
As a UX Designer, my role is to carry out user research through the qualitative method. I developed a questionnaire to learn about users' experiences with the Attack Surface Manager and how they interact with it. I conducted the surveys remotely through Google Forms to get their responses.
UI Designer
As UI Designer, my first task was to develop an atomic style system for the company's product. I created the front-end look based on the Tachyons framework that the company currently uses.
Graphic Designer
As a multidisciplinary designer, I developed illustrations to support visual communication. These resources are essential for new users who need to rely on analogies during their navigation and interaction with the platform.
DEFINING THE PROBLEM
Using Point of View and How Might We
I consulted with project managers, stakeholders, developers, and analysts about customer experiences. Their responses were very revealing and I gained a deeper understanding of the problems users have when using the product. So I checked the public reviews about the company's service and the testimonials of good and bad experiences to get feedback from clients.
The Project Manager gave me the most valuable information. The virtual meetings we had were about the product, its approach, technology changes, migration, customer service and interface. I learned that the end user needs to achieve very clear objectives: evidence, findings and the location of vulnerabilities in a system. The PM has more contact with the clients and their pain points and frustrations. He's very communicative, so I learned a lot thanks to him.
The following table shows some of the common user experience issues. The most common problems users have are communication and user interface.
THE SOLUTION
To create a human-centric product, I wrote a list for the UX and UI redesign stages:
1) Research and Benchmark
2) Atomic Design System
3) Layout
4) Components and Library
5) HCI: Interactions and Micro-interactions
6) Prototyping and Usability Testing
My first task as a designer was redesigning the app using the current style so the impact was low. After a year in the company, the request of the Head of Product was to redesign the entire application. So I started with the base of the product at a more atomic level and then expanded it to have a consistent user interface.
1- Research and Benchmark
EMPATHIZE WITH USERS: DEVELOPMENT OF USER PERSONA
I did two surveys and interviewed a hacker, a developer, a project manager and an engineer. The purpose of this is to know all the user profiles that interact with the application. The Attack Surface Manager has organizational and group level roles for the customer, but it also has many internal roles for the different teams within the company that are also users.
It was not an easy task. The biggest challenge I had was getting elaborate and communicative responses. The questions were demographic, about their routine and their interaction with the platform.
BENCHMARK
Before I started, I looked up some similar products, services and companies that offer pentesting as a service in order to gain insight into best practices, design and patterns that might apply to the application. After that, I realized that the competition does not offer a demo version for customers. So the first part of the investigation was null, because these companies prioritize restricting public access.
