Work Aggregate Vulnerabilities

Aggregate a vulnerabilities view

Background / Problem

In 2021 we got many requests from customers that there were a need for their vulnerabilities results from different domains to be on the same page. Originally, this product was built to have about 5 domains, but this wasn't the case anymore- a lot of customers had more than a 1000s. This meant that the customer needed to click in in each domain to see what that specific domain's vulnerabilities were, and this took a lot of time. To add to that, usually the vulnerabilities were identical on many different domains. So one view for all would make sense for the customer.

Company:

Detectify

My role:

Product Designer

Team:

Product Designer

Product Manager

4 Developers

UX Researcher

Timeline:

2-3 Months

Process

Lean UX

For this project, we worked according to lean UX. The team worked closely together throughout the project, fostering shared understanding and alignment on goals and user needs. We conducted interviews together, workshops together, designed together, developed together etc

Conducting customer interviews

The team had gotten a lot of feedback from various interviews we conducted over the last year regarding this topic. So we decided to have more in-depth about this new view with customers. To follow a lean approach the participants in the intervews were not only designers and product managers, but also developers.

Workshops

With more conversations from the customer, the team could now identifies assumptions about user behavior, needs, and preferences that underpin the project in various workshops.

Quick Design

Me and the team quickly created a low-fi prototype together to explore and communicate potential solutions. The team developed a minimal version of the product or feature that includes essential functionality, to try on customers

Test the MVP on users

The MVP was released to a limited audience to gather real-world data and validate assumptions about user behavior and product-market fit.

Keep adding features

We continued to iterate on the product based on ongoing feedback and data, gradually adding features and refining the user experience.

Design Before

Design After

Key changes

Navigation

Users have to navigate through all their scan profiles to find separate findings for each domain. This was quite time consuming and most of the times the same vulnerability were found on multiple domains.

Solution: Have all the results on the same page

Filter

Mark and Find Findings

When marking a vulnerability as
false positive, fixed, or accepted risk, the user could no longer find those findings anymore.

Solution: Separate the findings in tabs - Open, Fixed, Accepted Risk and False Positive, to let the user go back to make sure the findings were marked correctly

Filters weren’t used due to many users didn’t know it existed - they were quite hidden and hard to understand. And on top of that, the filter didn’t really work, and most of the time, they didn't work with each other.

Solution: Made it clear where to find them, and made it easier to understand what was selected and how to remove them. Make them work!

Struggles

Getting to the finishline

We didn’t have that many struggles with this project, and I think it was because of how collaborative it was. The only problem was to get the developers to “finish” the design, after they’ve gotten an okay from the MVP we did. They wanted to continue with more features due to the high praise they got from customers.