Executing a cyber security audit of a LegalTech platform for integrity and compliance

Overview

Industry

Location

Software and IT services

Poland

Technology Used

BeaerCLI

Burp Suite

CIS Benchmarks

OWASP ASVS

OWASP Zed Attack Proxy

SonarQube

Trivy

Project overview

Our team conducted a comprehensive, two-phase cyber security audit for our client’s legal document management platform, encompassing both the application and server environments. The goal was to ensure maximum security and compliance with stringent industry standards. The audit covered everything from infrastructure hardening and dependency analysis to penetration testing. After providing a detailed report of identified vulnerabilities and recommendations, we performed a successful re-verification, confirming complete security and full compliance.

Client background

A LegalTech provider catering to a diverse range of clients. Their core product is a comprehensive legal document management system offering features such as contract automation, electronic approvals, integrated e-signatures and a curated library of legal templates and forms. The platform serves as a digital hub that optimizes all aspects of workflow and collaboration with their end clients.

Goals

The project’s core objective was to assess and significantly increase the platform's overall security, ensuring full compliance with industry standards. The technical focus included evaluating application security via SAST and SCA, verifying compliance with OWASP ASVS Level 2, and reviewing server infrastructure against CIS Benchmarks. The underlying business imperative was to protect highly sensitive customer data by reducing operational risk and fully remediating all identified vulnerabilities.

Results

Vulnerability remediation

The audit successfully identified and resolved all medium- and high-severity vulnerabilities, significantly reducing exposure to critical risks such as SQL injection, cross-site scripting (XSS) and privilege escalation.

Improved code and dependency security

The client is now empowered to implement robust secure coding guidelines and establish a proactive approach for continuous monitoring of third-party dependencies.

Hardened infrastructure

Server configurations were aligned with CIS recommendations, including network isolation, kernel parameter tuning, secure SSH setup and least-privilege user management.

Audit and monitoring

The solution enables the client to expand logging coverage, implement integrity checks and accountability mechanisms, and deploy of a SIEM system to enhance traceability.

We'd love to hear from you!

Fill out the form - we'll get back to you as soon as possible

More case studies

Software and IT services

Reducing hardware footprint through router-to-firewall migration

Financial services

Increasing financial services flexibility with a comprehensive cloud migration

Biotech and Healthcare

Crafting a secure electronic and postal voting app for doctors

Telecom

Deploying a modern NMS platform for alarm management across a telco’s network

Biotech and Healthcare

Optimizing admin work for medical professionals with a doctor service platform

Newsletter