SaaS Monmer – A Solution That Protects Your Business

A website, a platform, or a mobile application consists of many components. Some of them are visible and can even be interacted with directly – this is the Front-End. Another part operates “in the shadows,” including the Back-End, the server, and so on. In addition to that, there may be another software layer whose purpose is to control access to the system, monitor risky traffic, and detect attempts to breach the database.

Monmer is the embodiment of a universal protection system for software solutions and internal data against various risks. This platform combines not only conventional tools and mechanisms but also implements more advanced solutions such as AI. Its development made it possible to address several sensitive issues at once and ensure the security of digital infrastructures across various business niches.

Want more details? Explore the following sections of the case!

Over the past decade, you’ve repeatedly heard about the release of new security systems. Such news is especially prominent in game development, with solutions like Denuvo and similar. However, the topic of digital security in business often remains behind the scenes, as any valuable information leaked online can harm those who use such protection systems.

In recent years, we have implemented various security systems in client solutions. However, one of them decided to go further and commissioned the development of a separate infrastructure for their own needs. That’s how the idea for Monmer was born, based on the following principles:

• Automation of vulnerability and threat tracking processes.
• Isolated system administration tool (Super Admin).
• Multi-tenant management of organizations and audit procedures.
• LLM for faster risk response.
• System reliability and ease of maintenance.

Even on paper, these basic aspects look complex; in practice, the platform’s implementation turned out to be even more difficult and problematic. Although ultimately successful.

We immediately understood the client’s concept – a SaaS platform responsible not for the security of a single enterprise, but functioning as a foundation for managing cyber risks for multiple businesses at once. On the one hand, this simplifies development, but on the other – increases responsibility. But more on that later.

So, to build the product, we used an optimal technology stack, including:

• Backend: Node.js, Express.js
• Frontend: React.js, TypeScript
• Authentication: Clerk
• Database: PostgreSQL
• File storage: Google Cloud Storage
• Task scheduling and background jobs: Cron jobs, Hangfire
• AI integration: OpenAI ChatGPT API
• DevOps: Google Cloud Platform (GCP)

Using this tech stack, we implemented the following features:

• Multi-tenancy support with a hierarchical structure of organizations and users, accessible in read-only mode by the Super Admin.
• A dynamic initial assessment flow with a scoring logic and conditional questions.
• Admin panel for uploading and managing frameworks, language files, SMTP templates, and AI prompts.
• External Attack Surface Management module with automatic JSON file retrieval and storage.
• Detailed audit logs and dashboards showing the latest users and organizations.
• Wizard Mode for step-by-step user onboarding and inventory self-assessment.

Most importantly – we built a controlled, isolated environment for managing the system’s tools. As a result, editing core algorithms and upgrading the platform is only possible locally. This significantly improves the overall security of the product and eliminates any possibility of external interference with its operation.

We can't say the development went without issues, as the system is far more complex than mobile or even highly secure web applications. To be fair – we successfully tackled the challenges, which we’ll discuss further.

The concept was solid, but the tools for its implementation were critically lacking. So, after a series of brainstorming sessions, we created a roadmap that we followed throughout the process. As a result, we:

• Developed a flexible multi-tenant architecture with detailed role management.
• Integrated the OpenAI ChatGPT API to generate personalized framework recommendations based on users' dynamic responses.
• Automated the processes of uploading and processing initial assessments with conditional scoring logic.
• Built an external scanning module that asynchronously retrieves and processes test results from dedicated Linux servers and stores them per organization.
• Ensured a high level of security, including IP-based access restrictions for the isolated Super Admin module.
• Developed a powerful admin panel with the ability to edit language files, SMTP templates, and the audit log.

This way, we eliminated 99% of the challenges posed by the project. Why not 100%? It’s simple – perfection doesn’t exist, and everything has its own vulnerabilities. Though we must admit, we did everything possible to eliminate potential risk sources – and we did so as much as the available technologies allowed. We even added a few things of our own to proactively eliminate some hypothetical problems.

And although the system is already up and running, we’re not stopping its modernization. Step by step, we continue improving the platform and adding new tools to neutralize all potential threats.

Monmer is a modern example of a multi-vector centralized data protection system – or simply, cybersecurity. The platform combines an isolated core from which mechanisms and algorithms can be used to implement a powerful security system for the digital infrastructure of virtually any individual business.

Through this project, we achieved the following advantages for the client:

• Improved security level through transparent vulnerability tracking and automated compliance processes.
• Reduced manual work thanks to automation of initial assessments, framework recommendations, and external scanning integrations.
• Flexible platform administration and secure management of multiple organizations via an isolated Super Admin panel.
• Clear overview of critical findings for faster risk response.
• Possibility of deployment on both cloud infrastructure and locally, depending on the client’s needs.

As a result, the client received a high-quality SaaS security system that they can use independently and monetize as a service for third-party businesses. We, in turn, gained a new partner and a round of positive feedback about the implemented product.

Want to build a similar project? Need expert assistance? Trust the specialists at BuildApps. Contact a manager to start working with us!