Application Security

Secure Development (SDLC)

Secure Code Training

At least annually, engineers participate in secure code training covering OWASP Top 10 security risks, common attack vectors and Datum360 security controls.

Framework Security Controls

Datum360 leverages modern and secure open-source frameworks with security controls to limit exposure to OWASP Top 10 security risks. These inherent controls reduce our exposure to SQL Injection (SQLi), Cross Site Scripting (XSS), and Cross Site Request Forgery (CSRF), among others.

Quality Assurance

Our Quality Assurance (QA) department reviews and tests our code base. Application security engineers on staff identify, test, and triage security vulnerabilities in code.

Separate Environments

Testing environments are logically separated from the Production environment. No Service Data is used in our development or test environments.

Vulnerability Management

Dynamic Vulnerability Scanning

We employ third-party security tooling to scan our core applications continuously and dynamically for security risks. Our in-house product security team tests and works with engineering teams to remediate any discovered issues.

Static Code Analysis

The source code repositories for our Platform are scanned for security issues via our integrated static analysis tooling. We regularly perform external SCA analysis.

Third-party Penetration Testing

In addition to our extensive internal scanning and testing programmeDatum360 employs third-party security experts (such as NCC Group) to perform detailed penetration tests on our Platform and products.

Find out more about our security features:

• Secure Information
• Cloud Security
• Product Security
• Human Resources Security