ORIC Admissions Platform
EdTech/FinTech admissions platform for the West African tertiary education market. Full security audit, 17-table data intelligence layer, mobile-first redesign, and server-verified Paystack payments — delivered in 6 phases.
The Problem
The West African tertiary education market lacked a production-grade admissions platform that could handle mobile-first applicants, real payment verification, and complex multi-step application workflows — while being secure enough to handle student personal data and financial transactions.
The existing codebase had critical security vulnerabilities including SQL injection, local file inclusion risks, hardcoded secrets, and no server-side payment verification. The mobile experience was broken below 768px, and there was no structured data intelligence layer to support institutional reporting.
The Solution
We approached this in clearly-gated phases, starting with a full codebase security audit before touching any features. Every finding was documented and remediated: secrets moved to environment variables, SQL injection points parameterized, file inclusion vectors closed, and a Content Security Policy introduced.
The data intelligence layer was designed as 17 new relational tables that could sit alongside the existing schema without a destructive migration — 618 rows of existing data were migrated without data loss.
The mobile-first redesign was validated from 360px (the minimum viewport for the target market's devices), and the 6-step guided application wizard was built with client-side validation mirrored by server-side enforcement at every step.
What Was Delivered
- Full OWASP codebase security audit with documented P0/P1/P2 findings and remediation
- Secret externalization (hardcoded credentials removed from source)
- SQL injection and local file inclusion vulnerabilities closed across 29+ files
- 17-table data intelligence layer with non-destructive migration of 618 rows
- Mobile-first redesign validated from 360px viewport
- 7-step guided application wizard with document upload
- Server-verified Paystack payment integration (webhook + server-side confirmation)
- Document extraction auto-fill (passport capture, WAEC slip parsing)
Outcome
6 of 12 planned phases delivered and running in production. The platform now handles the full student application lifecycle from form submission through document upload and payment verification. The critical security findings from the audit were remediated and resolved. The mobile experience works across the full range of West African Android devices.