Project overview
Our team conducted a comprehensive, two-phase cyber security audit for our client’s legal document management platform, encompassing both the application and server environments. The goal was to ensure maximum security and compliance with stringent industry standards. The audit covered everything from infrastructure hardening and dependency analysis to penetration testing. After providing a detailed report of identified vulnerabilities and recommendations, we performed a successful re-verification, confirming complete security and full compliance.
Client background
The client is a LegalTech provider catering to a diverse range of clients. Their core product is a comprehensive legal document management system offering features such as contract automation, electronic approvals, integrated e-signatures and a curated library of legal templates and forms. The platform serves as a digital hub that optimizes all aspects of workflow and collaboration with their end clients.
Goals
The project’s core objective was to assess and significantly increase the platform’s overall security, ensuring full compliance with industry standards. The technical focus included evaluating application security via SAST and SCA, verifying compliance with OWASP ASVS Level 2, and reviewing server infrastructure against CIS Benchmarks. The underlying business imperative was to protect highly sensitive customer data by reducing operational risk and fully remediating all identified vulnerabilities.