Brought to you by
Document logistix
Share this content

Do you ask about the security of your Finance software? Few people ask about vulnerabilities. Here's how DLX ensure the security of customer data.

19th Nov 2019
Brought to you by
Document logistix
Share this content

Document Logistix invests in stringent product testing to benefit customers and in-house developers

Award-winning document management software firm, Document Logistix creates document management solutions that help to eliminate the use of paper, improve records management and automate business processes. Its software powers operations handling highly sensitive, confidential information – so security is a high priority. 

Seeking a higher level of confidence in its application security testing, the company turned to WhiteHat Security to secure its DevOps environment and automate its processes. Document Logistix uses WhiteHat Sentinel Source for static application security testing (SAST) and WhiteHat Sentinel Dynamic for dynamic application security testing (DAST). The company also relies on the security experts with WhiteHat’s Threat Research Center (TRC) for added assurance in uncovering security vulnerabilities.

In 2018 Document Logistix won the prestigious Product of the Year award for Workflow and Business Process Management, and in 2019 Document Logistix was a finalist in the Computing Security awards.

Business Needs: systematizing product testing
“Our application is basically a portal for sharing documents. It’s not a banking application – we don’t store credit card information – but document management can be equally if not more vulnerable to people trying to gain access to things they shouldn’t see,” says Tim Cowell, CTO, Document Logistix

Document Logistix’s application, Document Manager, provides a flexible platform for completely paperless business processes and highly efficient archiving. Document Manager is highly customizable for a large range of finance and business processes. This could be for something as mundane as proof of delivery, where the risk of data loss is fairly minimal, or for more sensitive financial information like banking records, or personnel documents, where the possibility exists for people to see records they should not be viewing. This has become even more important since the EU’s GDPR came into effect, as there are penalties for non-compliance.

“The biggest problem was the huge unknown. Our customers are high profile and high risk. We needed a solution that gave us a better process,” said Cowell.
Dynamic security testing - customer data protection

Static and Dynamic Application Security Testing
Document Logistix implemented SAST using WhiteHat Sentinel Source to scan code for errors and ensure a more secure product design. Later, it added DAST using WhiteHat Sentinel Dynamic, providing them with automatic detection and assessment of code changes and alerting for newly discovered vulnerabilities, as well as reporting and intelligence metrics. 

“With DAST, we have confidence in saying to our customers ‘this is what was done to make your information more secure,’ and they know that every time there’s a new build of the application, it gets a new test,” said Cowell.

In addition, WhiteHat TRC provides Document Logistix with an added layer of protection against security vulnerabilities. At the end of each day, any new code written is uploaded to the TRC, where it is checked by a WhiteHat security expert, and an automated report identifying any anomalies is then sent back to Document Logistix, so they can take any necessary actions.

The Benefits of Software Product Testing
The combination of SAST and DAST provides Document Logistix with a platform for testing its application and DevOps environment, and automating the processes required to comply with the complex rules of paper and electronic document management. This includes full auditability of its application, the ability to plan workflows, perform complex retention policy management, and define policies for certain classes of documents, including what documents should or should not be disclosed, and to whom.

The WhiteHat Application Security Platform has given Document Logistix full confidence in the security of its products and its ability to protect its customers’ information.

“Working with WhiteHat gives us added credibility with customers because we’ve raised the question of security first. It becomes a non-issue, because they understand we’re serious about our duty to protect their data,” said Cowell.