Secure Code Training
At least annually, engineers participate in secure code training covering OWASP Top 10 security risks, common attack vectors and Datum360 security controls.
Framework Security Controls
Datum360 leverages modern and secure open-source frameworks with security controls to limit exposure to OWASP Top 10 security risks. These inherent controls reduce our exposure to SQL Injection (SQLi), Cross Site Scripting (XSS), and Cross Site Request Forgery (CSRF), among others.
Our Quality Assurance (QA) department reviews and tests our code base. Application security engineers on staff identify, test, and triage security vulnerabilities in code.
Testing environments are logically separated from the Production environment. No Service Data is used in our development or test environments.
Dynamic Vulnerability Scanning
We employ third-party security tooling to scan our core applications continuously and dynamically for security risks. Our in-house product security team tests and works with engineering teams to remediate any discovered issues.
Static Code Analysis
The source code repositories for our Platform are scanned for security issues via our integrated static analysis tooling. We regularly perform external SCA analysis.
Third-party Penetration Testing
In addition to our extensive internal scanning and testing programme, Datum360 employs third-party security experts (such as NCC Group) to perform detailed penetration tests on our Platform and products.