Spox Trading Platform

Revolutionizing sports engagement by transforming one-off bets into continuous, tradeable assets. Built with enterprise-grade security and real-time performance.

Angular • NestJS • PostgreSQL • TradingView • Socket.io

My Role

Frontend Lead • Security Architect

The Challenge

Building a secure, real-time trading platform that transforms sports engagement

  • 530+ Active Users
  • 100% Security Score
  • <1s Response Time
  • 99.9% Uptime

The Problem

  • Traditional betting offers binary outcomes with stakes that expire after each match
  • Existing platforms lack real-time responsiveness for live trading
  • Financial platforms require bank-grade security often overlooked in sports apps
  • Scalability challenges during concurrent real-time data streams

The Solution

Sports fans globally wager billions annually but lack investment-style instruments that preserve value beyond individual match outcomes.

SPOX creates a secure, real-time trading environment that bridges traditional sports engagement with modern fintech, opening a new market category while maintaining enterprise-level security and performance standards.
Result: 530+ active users trading profitably

Technical Architecture

Built with modern, scalable technologies

Frontend

  • Angular
  • TypeScript
  • IndexedDB
  • TradingView
  • Socket.io
  • Tailwind CSS

Backend

  • NestJS
  • PostgreSQL
  • Socket.io
  • JWT + Google OAuth 2.0
  • API Architecture: RESTful + Socket.io events

Security

  • Software Composition Analysis (SCA)
  • Static Application Security Testing (SAST)
  • Dynamic Application Security Testing (DAST)
  • Load Testing & Performance Benchmarking
  • Threat Modeling (STRIDE)

Infrastructure

  • Horizontal Scaling
  • Load Balancing
  • Redis

Architecture Decisions

Frontend Choice

Angular's TypeScript foundation naturally complemented Socket.io streams for live chart updates and complex state management.

Backend Architecture

NestJS mirrors Angular's modular structure, enabling clean separation between trading logic, match aggregation, and user management with ACID-compliant PostgreSQL.

Scaling Strategy

A stateless API design with horizontal scaling was implemented early, enabling seamless load distribution during major matches alongside institutional-grade TradingView charts.

Key Features

Innovative solutions to complex challenges

Real-Time Trading Engine

Sub-second price updates with bidirectional Socket.io connections

Challenge: Maintaining price consistency across 100+ concurrent users
Tech: IndexedDB, Socket.io, Event-driven architecture

Interactive Real-Time Charts

Professional-grade charting with technical indicators and live updates

Challenge: Custom datafeed adapters for real-time candle synchronization
Tech: TradingView Library, Custom Data Adapters

Enterprise Security

Enterprise-grade security testing including vulnerability scanning, static/dynamic analysis, load testing, and formal threat modeling before and during deployment.

Challenge: Bank-grade security without sacrificing development velocity
Tech: Snyk, OWASP ZAP, Nikto, Grafana k6, STRIDE

Multi-Auth & KYC

Traditional and Google OAuth with mandatory identity verification

Challenge: Managing verification states across features gracefully
Tech: JWT, Google OAuth 2.0, Multi-step verification flow

Horizontal Scaling

Stateless architecture handling traffic spikes during major matches

Challenge: Socket.io connection integrity during scaling operations
Tech: Load balancer, Redis sessions, Sticky connections

Live Match Data

Real-time fixtures and scores synchronized with trading availability

Challenge: Normalizing inconsistent data from multiple sports APIs
Tech: Polling services, Socket.io broadcasts, Adapter pattern

Staking System

Users can stake holdings to earn additional rewards based on holding duration and market participation.

Challenge: Ensuring staking calculations are accurate, auditable, and resistant to exploitation.
Tech: API interaction, Socket.io connection

Enterprise Security

Comprehensive testing ensuring zero incidents

Software Composition Analysis

Scanned 300+ npm dependencies, identifying outdated packages with known CVEs. Implemented automated dependency updates via Dependabot.

Static Analysis (SAST)

Analyzed the codebase, identifying potential injection points, credential exposure risks, and insecure configurations before runtime.

Dynamic Analysis (DAST)

Tested the running application by simulating attacker behavior, validating authentication security and SQL injection prevention.

Threat Modeling

Applied the STRIDE framework, identifying 13 potential threat vectors, with implemented mitigations including rate limiting and encryption.

Zero Security Incidents
SCA • SAST • DAST • Threat Modeling • Load Testing

Lessons Learned

What I'd Do Differently

  • Implement comprehensive E2E testing with Cypress from the start
  • Begin with infrastructure-as-code rather than retrofitting later

What Surprised Me

The complexity of maintaining real-time state consistency across hundreds of connected clients. Socket.io management became a project in itself. Optimistic UI updates created a perceptibly better experience even when actual latency was unchanged.

Most Proud Of

  • Zero security incidents despite handling real user funds
  • Platform feels as responsive as traditional finance apps
