Cybersecurity
Database
SaaS
My role: UI/UX Designer
Timeline: 2 Months
Responsibilities: UX Research, Information Architecture, Visual Design
Overview
“VulnIndex” is a specialised web platform designed to aggregate and simplify software vulnerability data. Combining features for real-time CVE searching, severity risk assessment, detailed security documentation, and threat monitoring, it offers a streamlined approach to cybersecurity research. With this tool, users can not only quickly locate critical technical details but also efficiently analyse security risks. Thanks to its structured and data-centric design, “VulnIndex” makes complex vulnerability tracking accessible and convenient for professionals.
INITIAL CHALLENGES
Designing the interface for VulnIndex presented extreme data-density challenges. The core hurdle was structuring a massive, 12-column data grid that could simultaneously display lengthy, unpredictable text (like report titles) alongside concise, highly specific metadata. Balancing this high data density with immediate readability was crucial to prevent cognitive overload. To solve this, I designed a highly scannable, color-coded pill system that instantly communicates critical variables like Severity and PoC Availability without cluttering the primary workspace. Furthermore, maintaining usability on smaller screens demanded creative responsive design solutions for horizontal data tables - ensuring analysts never lose context while scrolling through dense technical information.
RESEARCH & BRAND IMMERSION
I immersed myself in the daily workflows of cybersecurity professionals, auditing existing vulnerability databases to analyze how legacy platforms fail at handling high-volume technical text. This insight drove the design of the prominent, multi-parameter filtering bar, allowing users to drill down by Language, Technology, Root Cause, and CWE. User research also highlighted a critical pain point: visual fatigue from parsing wall-to-wall data. This directly informed our dark-theme UI. Finally, to align with the brand's core promise - "The Shortcut To Security Knowledge" - the visual identity pairs crisp typography with a subtle architectural grid to convey the technical rigor of a modern, high-precision developer tool.
USER PERSONA
32 y.o.
Single
M.S. in Computer Science
FRUSTRATION
Struggles with search tools that fail to accurately query specific lines of code, raw HTTP headers, or exact JSON parameters without breaking the syntax.
The most valuable write-ups are buried deep within HackerOne/Bugcrowd activity feeds or obscure personal blogs, lacking a unified search interface.
Sifting through hundreds of repetitive, low-quality, or AI-generated blog posts just to find one unique payload or valid Proof of Concept (PoC).
GOALS
Search complex data for highly specific, niche exploit chains and code snippets rather than reading generic, high-level CVE descriptions.
Monitor recently published write-ups to spot trending attack surfaces or newly discovered vulnerable software stacks across different target companies.
Quickly surface historical reports to see how other hackers bypassed similar security filters (e.g., WAF evasion techniques or specific parameter tampering).
Time is money in bug bounty, and right now, I lose hours just hunting down old write-ups instead of actually hunting bugs. I don't get paid to read PR spin, vendor advisories, or high-level CVE summaries. I need a search engine that actually understands what a raw HTTP request looks like - a place where I can drop in a specific parameter or a chunk of code and instantly pull up every historical bypass and PoC across HackerOne, Bugcrowd, and random personal blogs. If a brilliant researcher took their site offline two years ago, I still need to see that payload.
KEY LEARNINGS
Managing a 12-column data grid requires a rigorous “Signal-to-Noise” hierarchy. For expert-level tools, information density is a requirement, not a drawback. Prioritising critical metadata - such as Severity levels and PoC availability - ensures researchers can parse massive datasets instantly, eliminating the cognitive fatigue often associated with complex security databases.
PRECISION-DRIVEN FILTERING
Transitioning from basic dropdowns to a unified “Filter Engine” modal aligns the UI with the logic of a complex technical query. Providing granular control over niche parameters, such as specific JSON payloads and code snippets, transforms a passive database into a high-performance tool built for the specific mental models of power users.
OPTIMISING TIME-TO-INSIGHT
The utility of a cybersecurity platform is measured by the speed of discovery. Consolidating fragmented data sources - ranging from obscure personal blogs to Bugcrowd activity feeds - into a single actionable view eliminates manual “hunt time.” The UX focuses on turning raw data into active threat intelligence, directly supporting high-stakes, rapid-response workflows.








