Case studies

Before and after.

Real projects. What the system looked like when we started, what changed, and what the outcome was — in numbers.

01Logistics14 weeks

PHP 5.6 order management system — migrated to modern stack with zero downtime

System AuditRefactoring & MigrationSecurity Hardening

A regional freight company ran their core order management system on PHP 5.6 with a MySQL 5.5 database and zero test coverage. Deployments required a maintenance window. A single developer understood the system. I migrated the entire stack incrementally over 14 weeks — the system stayed live throughout.

0: minutes of downtime during migration
14wk: total engagement length
68%: test coverage (from 0%)
12×: faster deployment cadence

Before

PHP 5.6 — end-of-life since December 2018
11,000 lines of procedural code, no framework
Direct SQL string concatenation throughout (SQL injection risk)
Deployments required 2-hour maintenance windows
No test coverage — every change was a manual regression test
One developer with full knowledge, no documentation

After

PHP 8.3 with Laravel, PSR-4 autoloading, and Composer
PDO prepared statements across all database interactions
CI/CD pipeline with automated tests on every push
Zero-downtime deployments via blue-green strategy
68% test coverage on business-critical paths
Architecture documented — three developers can now work on it

02Financial Services8 weeks

Payment processing API — critical vulnerabilities closed before audit deadline

System AuditSecurity Hardening

A fintech startup inherited a payment processing API from an acquired company. A PCI DSS audit was three months away. The system had seven critical CVEs in dependencies, credentials committed to git history, and no rate limiting on authentication endpoints. I closed every finding before the audit.

7/7: critical CVEs remediated
100%: PCI DSS audit findings resolved
11wk: delivered ahead of audit deadline
0: findings flagged in final audit

Before

7 critical CVEs in third-party dependencies (unpatched for 18 months)
Database credentials committed to git — present in full history
No rate limiting on /login — brute-force trivially possible
Session tokens stored in localStorage (XSS exposure)
Error responses included stack traces in production
No security headers — CSP, HSTS, X-Frame-Options all absent

After

All 7 CVEs remediated; dependency update pipeline established
Git history rewritten, credentials rotated across all environments
Rate limiting and account lockout on all auth endpoints
HttpOnly, Secure, SameSite cookies replacing localStorage tokens
Production error handler returns opaque 500 responses; logs internally
Full security header suite with strict CSP policy

03SaaS / HR Tech10 weeks

Internal HR tool — jQuery frontend replaced with React, user errors down 60%

System AuditUX Modernization

A 200-person company ran their leave and HR management on an internal tool built in 2014 with jQuery and Bootstrap 3. The interface was confusing enough that managers called HR to do things themselves. I replaced the frontend without touching the Rails API — the backend stayed entirely unchanged.

6.2s→1.1s: page load time (LCP)
60%: reduction in user errors
87%: drop in UI-related support tickets
9→3: steps to complete a leave request

Before

jQuery 1.x and Bootstrap 3 — no component model
Leave application flow required 9 steps across 4 pages
No mobile support — unusable on phones
Page load time averaging 6.2 seconds
No keyboard navigation — inaccessible to screen reader users
Average 3.1 support tickets per manager per month for UI confusion

After

React 18 with Next.js — full component-based architecture
Leave flow reduced to 3 steps on a single page
Fully responsive — works on any device
Core Web Vitals: LCP 1.1s, CLS 0, FID <50ms
WCAG 2.1 AA compliant — keyboard and screen reader accessible
Support tickets for UI issues: 0.4 per manager per month

Your system next?

Every one of these started with a free audit call.

Book a free audit call