Hyun

My work and me

About Me

Hello, my name is Hyun — I am a designer and technologist creating symbiotic relationships between information and people. I am currently working with researchers, engineers and designers at IBM Research in Yorktown Heights, New York.
If you have any questions or have something in mind for discussion, please don't hesitate to contact me.

Commercial

Community

Recreational

Legacy

IBM AppScan Mobile Analyzer

IBM AppScan Mobile Analyzer

2014-15 — Commercial :: Technologist and User Experience Designer working at IBM

Teaser image for the IBM Security AppScan Mobile Analyzer project.

SYNOPSIS: IBM AppScan Mobile Analyzer is a tool aimed for mobile application developers to scan their applications for security vulnerabilities. For the initial release, AppScan Mobile Analyzer provides a PDF report of the detected vulnerabilities from the scanned application.

Major Skills Applied

  • Visual Design
  • User Experience
  • Ad-hoc Technology Interpreter

All projects at IBM Design are worked on and produced in teams. My specific contributions for AppScan Mobile Analyzer were mainly on technology research, integration designs, future envisioneering designs, and applying previously gathered design patterns, research, and technologies to the project.

Problem

EVERYDAY a plethora of security vulnerabilities are discovered for various platforms. It is normal to have an average of over 100 security issues, whether new or old, even in a relatively small and simple application. In order to contain this insanity, AppScan Mobile Analyzer helps prioritize and fix the security issues by providing a thorough audit and report of their software.

The personas below were crafted by the involved designers and researcher from banking and enterprise IT companies in North America and Western Europe. The data gathered to create these personas involved shadowing and interviewing current as well as prospective clients.

Unlike all other AppScan products, AppScan Mobile Analyzer's goal is to deliver a security audit of an application to developers so they could then alleviate the security issues. It is an augmentation tool for developers to help create secure applications. The flow of the upload procedure had to be straight forward and guided. The user must be able to upload an application, feed it to AppScan Mobile Analyzer, and be provided with results.

  1. 1. Choose type of platform to scan; Android, iOS or web
  2. 2. Upload the application or point to a URL
  3. 3. Wait for scan to complete
  4. 4. Receive the audit

The second step of uploading an application for Android and iOS was complicated because of the product being a cloud service. Clients did not want to upload their source code online. The design and technology had to accommodate for an intermediary step where the user has to convert their code into a binary format that only AppScan Mobile Analyzer can understand. There are two paths for timing of the scan that the user can choose after uploading: wait for AppScan to complete scanning, or choose to be alerted by an email of the product. After the scan, the user can access the report by navigating to the product's page under “Scan Results”.

Process

EXHIBIT A is what I think of when I look back on this project. Exhibit A of what not to do. Consultancy is the style of approach that was taken in collaborating with the AppScan Mobile Analyzer team. At IBM Design there is a framework that designers follow called "IBM Design Thinking". Every product team is expected to follow such guidelines, however, this product was considered an exception because it was part of a pro bono side project for the team that was picked up by the design manager. Rather than the using IBM Design Thinking, a more aggressive and faster-pace style of a design agency was used instead. Although the project was finished in a relatively short period of time, because of the lack of design thinking and abrupt insertion of the design team, there were some core experience issues that ultimately we could not solve. A lot of work was to be done in the visual side as the experience and technology research was largely done and established in another product; AppScan Enterprise.

  1. Liz, Creative Director :: Direction
  2. Cameron, Design Lead :: UX and Visual
  3. Yael (Israel), UX Designer
  4. Lara (Ireland), Visual Designer
  5. Allison, Visual and Content Designer
  6. Hyun, Technologist
  7. Simon (Ireland), Front End Developer
  8. Leigh (Ireland), Front End Developer
  9. Engineering Team (+5 Israel)
  10. Product Management (+2 Israel)

My part largely was to translate the information architecture, as well as user flow from a bigger enterprise tool to a more streamlined narrow-focused product which AppScan Mobile Analyzer is. The developer base was changed from enterprise level Java developers to iOS, Java and web application developers. The challenge was to have less management, but more actionable data, as it would be more relevant to the target audience; the developers not the usual security analysts.

Final Product

Screenshot of the upload process for Android applications.
Screenshot of the upload process for Android applications.
Screenshot of a scan in progress.
Screenshot of a scan in progress.
Screenshot of scan results.
Screenshot of scan results.