Document Logistix creates document management solutions that help eliminate the use of paper, improve records management, and automate business processes. Its software powers the operations of some of the world’s most demanding, high-document-volume businesses, including major logistics companies like DHL and CEVA. These customers entrust Document Logistix with the handling of their information, much of which is highly sensitive or confidential, so security is a high priority.
Seeking a higher level of confidence in its application security testing, the company turned to Black Duck® to secure its DevOps environment and automate its processes. Combining Continuous Dynamic™ for dynamic application security testing (DAST) with static application security testing (SAST), Document Logistix updated its application security program to better protect its customers’ sensitive data. The company also relied on the security experts from Continuous Dynamic Threat Research for added assurance in uncovering security vulnerabilities.
Document Logistix’s application Document Manager provides a flexible platform for paperless business processes and highly efficient archiving. Because it’s not designed for a specific market, Document Manager is customizable for a large range of business processes, including those as straightforward as proof of delivery, where the risk of data loss is fairly minimal, and those involving more sensitive information like human resources records. This is especially important now that the EU’s General Data Protection Regulation (GDPR), which has financial penalties for noncompliance, is in effect.
Attorneys general in the U.S. also use Document Manager for disclosure purposes, publishing prosecution case material to defense attorneys. Failure to protect this information could lead to mistrial.
With such high stakes, Document Logistix has always been focused on protecting customer data, but the company lacked a true application security solution. Several of its clients performed their own penetration testing and submitted issues to Document Logistix to remediate. The company also had internal staff checking code manually for security vulnerabilities, but this proved to be time-intensive and costly. The company needed an in-house solution that was both cost-efficient and effective.
"With DAST, we have confidence in saying to our customers ‘this is what was done to make your information more secure,’ and they know that every time there’s a new build of the application, it gets a new test."
Tim Cowell, Founder, Document Logistix
Document Logistix used SAST to scan code for errors and ensure secure product design. It then added Continuous Dynamic to detect and assess code changes in running applications, alert on new vulnerabilities, and provide reporting and intelligence metrics.
Continuous Dynamic Threat Research provided Document Logistix with an added layer of protection against security vulnerabilities. At the end of each day, any new code was uploaded to Threat Research, checked by a Black Duck security expert, and sent back to Document Logistix in an automated report that identified anomalies to be addressed.
The combination of SAST and DAST provided Document Logistix with a platform for testing its application and DevOps environment, automating the processes required to comply with the complex rules of paper and electronic document management. This included full auditability of its application, the ability to plan workflows, perform complex retention policy management, and define policies for certain classes of documents, including what documents should or shouldn’t be disclosed and to whom.
Company overview
Since 1996, Document Logistix has supplied its uniquely affordable and scalable Document Manager software to a variety of SME and blue-chip clients around the globe. The company’s U.K. and EMEA operations are headquartered in Milton Keynes, U.K., which is also its central point of product development, technical support, and training. The U.S. branch of the company is headquartered in Austin, Texas, and it has major contracts with the Texas Department of Public Safety, the Virginia State Police, and various agencies in other states. Document Logistix won Document Manager magazine’s prestigious award for the 2018 Product of the Year for Workflow and BPM.