A prominent information security (infosec) consulting firm contracted me to overhaul the user interface for a complex, data-intensive desktop application used to classify and report vulnerabilities for internal and external networks; web, mobile, and thick-client applications; and website code reviews.

Although I cannot display full representation of the interface until the software has been released for general availability, I can share my strategy and improvements made possible by applying user-centered principles and by moving from a Windows Forms (Winforms) platform to Windows Presentation Foundation (WPF).

To identify key workflows and expose usability issues in the legacy application, I held contextual inquiry sessions with “pentesters” (penetration testers or ethical hackers—the pros who help organizations fight cyber attacks). I then organized a card sorting event to prioritize key functionality, data, and filter parameters.

Moving from Winforms to WPF enabled better data visualization. The treemap below communicates a project’s distribution of vulnerability states and severities at a glance, data that was previously presented only in plain text format.

 

The ability to filter massive data sets is essential to productivity. I replaced a cumbersome UI with a flexible pattern that allows the user to select relevant filters and parameters, and easily remove filters. I also introduced a ribbon to make functionality more discoverable to new users of the application (most functions in the legacy app were available only through contextual menus and keystrokes).

 

This application interfaces with many national and international databases, including the U.S. government’s National Vulnerability Database (NVD). The NVD supports the Common Vulnerability Scoring System (CVSS), an industry standard for assessing the severity of security vulnerabilities. I designed the CVSS window to improve visibility and editing of CVSS metrics.

 

To improve the affordance of all status icons (including consideration for color blindness), I worked closely with a visual designer. The new icons also accommodate verification (V) and report (R) indicators so pentesters can assess multiple factors without opening additional tabs or windows.

 

The ribbon includes many commonly recognized icons (e.g., search, filter, refresh, delete). The sampling below illustrates custom icons that incorporate common patterns where possible (filter-update instances, queue for import), as well as truly custom icons for functionality unique to the app (correlate master finding, bulk assign).

 

To ensure a consistent user experience throughout the application, I documented UI standards for the development team, and the visual designer provided design specifications for all interaction elements, containers, and fields.