Posted 13 Hours Ago  ·  Job ID: 2107556  ·  24 quotes received

MSP software

Fixed Price or Hourly
  Send before: July 24, 2025

Objective

We are an American company, and we need standalone software and a cloud web-based Security Management Platform that:

  1. Scans systems (devices, users, mailboxes, browsers, etc.).
  2. Detects security issues.
  3. Analyzes system posture.
  4. Generates actionable recommendations.

 

Core Modules

1. System Scanning & Inventory Module

  • Collects:
    • Users
    • Devices (Windows, macOS, Linux endpoints)
    • Mailboxes (e.g., Microsoft 365, Gmail)
    • Internet-facing assets (domains, IPs)
  • Tools:
    • SNMP, WMI, or APIs (e.g., Microsoft Graph API, AWS SDK)

2. Security Control Assessment Engine

  • Checks if key controls are in place:
    • Antivirus/EDR
    • Encryption
    • Patching status
    • MFA (Multi-Factor Authentication)
    • Dark web monitoring
    • Cloud misconfiguration scanner
  • Tools:
    • OpenVAS, Nessus, OSQuery, custom PowerShell scripts

3. Dashboard Interface

  • Built using React + Tailwind CSS (like your example)
  • Includes:
    • Radar charts for control coverage
    • Risk bars (Critical → Low)
    • Real-time widgets

4. AI-Powered Recommendation Engine

  • Based on scanned data, outputs:
    • Risk descriptions (e.g., “MFA missing on 2 mailboxes”)
    • Recommendations (e.g., “Enable MFA via Azure AD portal”)
  • Can use:
    • Predefined rules
    • GPT or local ML model for smart summaries

5. Remediation Workflow

  • Allow users to mark issues as fixed or ignored
  • Export reports
  • Trigger scripts via agent to apply fixes

 

🔐 Tech Stack Suggestion

| Layer | Tools |
|---|---|
| Frontend | React + Tailwind CSS |
| Backend API | Node.js (Express) / Python (FastAPI or Django) |
| Database | PostgreSQL or MongoDB |
| Agent (for endpoints) | Python script / PowerShell / OSQuery agent |
| Cloud integration | Microsoft Graph API, AWS SDK, Google Workspace API |
| Security Tools | OSQuery, OpenVAS, Nmap, Nessus (optional) |

Example Workflow

  1. Agent/API pulls data from devices and cloud.
  2. Backend processes it.
  3. Dashboard shows the analysis.
  4. Recommendation Engine suggests fixes.
  5. Admins review, take action, or export reports.

===============================================================

USER ACCOUNT SCANS

1. Local User Accounts (on endpoints/servers)

  • Username
  • Account type (Administrator, Standard)
  • Last login time
  • Password age
  • Account status (enabled/disabled)
  • MFA (Multi-Factor Authentication) enabled/disabled
  • Group membership (e.g., Administrators group)
  • Account lockout policy compliance

2. Cloud User Accounts (Microsoft 365, Google Workspace)

  • Display name and email
  • Login activity
  • Admin privileges
  • MFA status
  • External sharing permissions
  • OAuth app authorizations
  • Mailbox forwarding rules
  • Linked mobile devices

💻 DEVICE SCANS

1. Operating System & Hardware Info

  • OS name and version
  • System architecture (32-bit, 64-bit)
  • BIOS/firmware version
  • Hostname
  • Hardware vendor and model
  • Serial number or UUID
  • Drive encryption status (e.g., BitLocker, FileVault)
  • Boot mode (Secure Boot enabled/disabled)

2. Patch & Update Status

  • OS patch level
  • Pending security updates
  • Last update time
  • Failed update logs

3. Running Processes & Services

  • List of running processes with:
    • Process name
    • Path
    • Owner
    • Hash (SHA256)
  • Services and startup type (auto/manual/disabled)

4. Installed Applications

  • Application name and version
  • Publisher
  • Install date
  • Unpatched/vulnerable versions (using CVE database)

5. Antivirus and Endpoint Protection

  • Antivirus vendor
  • Real-time protection status
  • Virus signature update date
  • Detected threats and quarantine history

6. Firewall & Network Security Settings

  • Firewall status (enabled/disabled)
  • Active rules and open ports
  • Remote desktop settings
  • Windows Defender or 3rd party firewall logs

MAILBOX SCANS

1. Mailbox Configuration

  • Mailbox size and quota usage
  • External forwarding rules
  • Delegates and permissions
  • Mailbox login history

2. Security Policies

  • Spam filter settings
  • Phishing protection status
  • Data loss prevention policies applied
  • Email encryption enabled/disabled
  • Authentication methods (OAuth, legacy protocols)

 

BROWSER & INTERNET USAGE SCANS

1. Installed Browsers

  • Browser name and version
  • Update channel (stable, beta)
  • Last update date

2. Browser Extensions

  • Extension name
  • Source (official store or sideloaded)
  • Permissions granted (e.g., access to all sites)
  • Known malicious status (via threat intelligence feed)

3. Browsing History & Cookies (optional, for forensics or monitoring)

  • Last visited URLs
  • Tracking cookies count
  • Downloads from unknown sources

CLOUD STORAGE / CLOUD DRIVE SCANS

1. Connected Cloud Drives

  • Google Drive, OneDrive, Dropbox, Box, etc.
  • Number of files/folders
  • File sharing permissions (public, restricted, etc.)
  • External file sharing links
  • File type risks (executables, macros, etc.)

2. Data Leak Checks

  • Sensitive file scans (e.g., PII, credentials, financials)
  • File integrity monitoring (changes, deletions)

 

INTERNET-FACING ASSET SCANS

1. Domain & IP Intelligence

  • Domain WHOIS data
  • SSL certificate validity and encryption type
  • Open ports (via Nmap or similar)
  • HTTP security headers (HSTS, X-Frame-Options, etc.)
  • DNS records and exposure

2. Web Application Vulnerabilities

  • SQL Injection
  • Cross-Site Scripting (XSS)
  • Remote Code Execution (RCE)
  • Outdated CMS (WordPress, Joomla, etc.)

3. Threat Exposure

  • Dark web mentions of domain or IP
  • Breached credentials linked to domain
  • Abuse reports or blocklists

 

SECURITY CONTROL CONFIGURATION SCANS

1. Identity and Access Management

  • Password policy compliance (length, complexity)
  • Account lockout threshold
  • MFA policies and exceptions
  • Admin role assignments review

2. Data Protection

  • Encryption policies (at-rest, in-transit)
  • Data loss prevention (DLP) configuration
  • Backup and recovery settings

3. Device Compliance Policies

  • Antivirus required/enforced
  • Auto-lock and timeout policy
  • Device wipe or remote disable options

 

  1. Backend & Database: Implement the Node.js/Python backend with PostgreSQL/MongoDB to store real data.
  2. Agent Development: Create actual agents (Python/PowerShell) for endpoint scanning and remediation.
  3. API Integrations: Connect to real APIs for Microsoft 365, AWS, Google Workspace, and commercial security tools (OpenVAS, Nessus, etc.).
  4. True AI/ML Integration: Implement the recommendation engine using a real LLM (like Gemini API) or a trained ML model for more dynamic and intelligent recommendations.
  5. User Authentication & Authorization: Implement secure user login, roles, and permissions.
  6. Real-time Updates: Use WebSockets or similar technologies for real-time updates from agents and backend.
Dr. E United States