Sorry, not available in this language yet

English
日本語
简体中文

AppSec SaaS Platform | Integrated, cloud-based AST solution optimized for development and DevSecOps teams.
AppSec IDE Plug-ins | Secure code as you write it in your IDE
Software Risk Management | Manage application security programs at enterprise scale
DevSecOps Integrations | Integrate AppSec tools into DevOps workflows

Static Analysis (SAST) | Address security and quality defects in code as it's being developed
Software Composition Analysis (SCA) | Secure and manage open source risks in applications and containers
Interactive Analysis (IAST) | Automate web security testing within your DevOps pipelines
Dynamic Analysis (DAST) | Continuous web application security testing in production.
Penetration Testing | Identify business-critical vulnerabilities with on-demand testing expertise.
Protocol Fuzzing | Identify defects and zero-day vulnerabilities in services and protocols

Program Strategy & Planning | Measure, scale, and optimize your AppSec program
Threat & Risk Assessments | Understand and address internal and external security risks
Security Training | Equip development teams with the skills they need to produce more secure software
Implementation & Deployment | Optimize utilization, management and deployment of AppSec tools
Security Testing Services | On-demand AppSec testing resources and expertise

Open Source & Security Audits | Comprehensive technical due diligence services for M&A

AI-generated code | Harness the power of AI coding assistants while managing the risks
API Security Testing | Manage software risks with a holistic API security testing program.
AppSec Consolidation | Simplify your application security program
Application Security Testing | Solutions to address security risks at all stages of the application life cycle.
DevSecOps | Solutions to help shift security left without slowing down your development teams.
Software Supply Chain Security | Solutions to identify and manage software supply chain risks end-to-end.
Manage AppSec Risk | Scale your application security program without increasing complexity or adding friction.
Cloud & Container Security | Optimize your applications for secure deployment and operation in the cloud
Open Source License Compliance | Effective solutions for ensuring open source license compliance
M&A Due Diligence | Identify software risks that could negatively impact the value of acquired IP.
Quality & Security Standards Compliance | Ensure your software complies with the standards critical to customers and regulators

Dev and DevOps Teams | Build secure software while maintaining developer productivity and pipeline velocity.
Security Teams | Align people, processes, and technology to minimize software risk and transform your business.
Legal Teams | Solutions to protect your IP and manage risk.

Financial Services | Protect sensitive customer and financial data from rapidly evolving security threats.
IoT & Embedded | Ensure your embedded and IoT devices are safe, secure, and reliable.
Automotive | Build software security & reliability into the modern connected car.
Telecommunications | Create seamless and safe mobile experiences, from silicon to software.
Aerospace & Defense | Solutions for automating mission-critical development.
Public Sector | Application security for government agencies and their suppliers.
Medical Device | Safeguard medical devices and applications.

Document Logistix Combines SAST and DAST to Ensure Security of Sensitive Customer Data

Summary

Document Logistix creates document management solutions that help eliminate the use of paper, improve records management, and automate business processes. Its software powers the operations of some of the world’s most demanding, high-document-volume businesses, including major logistics companies like DHL and CEVA. These customers entrust Document Logistix with the handling of their information— much of which is highly sensitive or confidential—so security is a high priority.

Seeking a higher level of confidence in its application security testing, the company turned to Synopsys to secure its DevOps environment and automate its processes. Combining WhiteHat™ Dynamic for dynamic application security testing (DAST) with static application security testing (SAST), Document Logistix updated its application security program to better protect its customers’ sensitive data. The company also relied on the security experts from WhiteHat Threat Research for added assurance in uncovering security vulnerabilities.

The challenge

Document Logistix’s application Document Manager provides a flexible platform for paperless business processes and highly efficient archiving. Because it’s not designed for a specific market, Document Manager is customizable for a large range of business processes, including those as straightforward as proof of delivery, where the risk of data loss is fairly minimal, and those involving more sensitive information like human resources records. This is especially important since the EU’s General Data Protection Regulation (GDPR) went into effect, which has financial penalties for noncompliance.

Attorneys general in the U.S. also use Document Manager for disclosure purposes, publishing prosecution case material to defense attorneys. Failure to protect this information could lead to mistrial.

With such high stakes, Document Logistix has always been focused on protecting customer data, but the company lacked a true application security solution. Several of its clients performed their own penetration testing and submitted issues to Document Logistix to remediate. The company also had internal staff checking code manually for security vulnerabilities, but this proved to be time-intensive and costly. The company needed an in-house solution that was both cost-efficient and effective.

With DAST, we have confidence in saying to our customers ‘this is what was done to make your information more secure,’ and they know that every time there’s a new build of the application, it gets a new test."

Tim Cowell, Founder

Document Logistix

The solution

Document Logistix used SAST to scan code for errors and ensure secure product design. It then added WhiteHat Dynamic to detect and assess code changes in running applications, alert of new vulnerabilities, and provide reporting and intelligence metrics.

WhiteHat Threat Research provided Document Logistix with an added layer of protection against security vulnerabilities. At the end of each day, any new code was uploaded to Threat Research, checked by a Synopsys security expert, and sent back to Document Logistix in an automated report that identified anomalies to be addressed.

The results

The combination of SAST and DAST provided Document Logistix with a platform for testing its application and DevOps environment, automating the processes required to comply with the complex rules of paper and electronic document management. This included full auditability of its application, the ability to plan workflows, perform complex retention policy management, and define policies for certain classes of documents, including what documents should or shouldn’t be disclosed and to whom.

Download the PDF

Company overview

Since 1996, Document Logistix has supplied its uniquely affordable and scalable Document Manager software to a variety of SME and blue-chip clients around the globe. The company’s U.K. and EMEA operations are headquartered in Milton Keynes, U.K., which is also its central point of product development, technical support, and training. The U.S. branch of the company is headquartered in Austin, Texas, and it has major contracts with the Texas Department of Public Safety, the Virginia State Police, and various agencies in other states. Document Logistix won Document Manager magazine’s prestigious award for the 2018 Product of the Year for Workflow and BPM.

Document Logistix Combines SAST and DAST to Ensure Security of Sensitive Customer Data

Summary

The challenge

The solution

The results

Related content

WhiteHat Dynamic

A Theoretical vs. a Practical Approach Toward AppSec

Gartner Magic Quadrant for Application Security Testing

WhiteHat Professional Services

Software Vulnerability Snapshot

The risk of web attacks and how to address them at scale

Streamline DAST with fAST Dynamic

Polaris Software Integrity Platform

Legal