
Customer Success Story by MedFlyt


New York

Industry: Healthcare

Size: 10

  • Need continual understanding of their cyber posture to ensure client data is safe and to comply with HIPAA and SOC 2 compliance requirements 
  • With daily code commits, do not want to rely on periodic penetration tests
  • Requirement to have developers owning the security testing process to find and fix issues early and often
  • Validate security for OWASP Top 10 vulnerabilities
  • Reduce manual processes and prevent technical debt

Coordinating patient care by specialist carers, especially with a remote workforce that sees patients at home, is a complicated process that needs to be managed properly. Because patient records and other sensitive data also need to be shared, it is no surprise that software company MedFlyt, based in New York, built an application to automate the management of the process.

“Our platform automates multiple manual processes for caregiver and patient management”, says Nir Berenstein, CTO for MedFlyt. “With the sheer volume of patient and caregiver data that our platform manages, security of our platform has always been at the forefront of our mind, focussed more acutely with our HIPAA and SOC 2 compliance requirements.”

Creating new features at speed, but securely

As a small but highly effective team, MedFlyt needed an automated tool to supplement or replace its internal manual code reviews and put security testing into the hands of the developers.

“We wanted to enable our developers to create at speed, whilst minimising the risk of creating security issues and sleepless nights between expensive and periodic penetration tests”, Berenstein says.

Without a dedicated security team and having reviewed many security scanners, Berenstein decided to bring in Bright. “Our search for a security scanner that met our success criteria ended when we found Bright, namely the automation and accuracy it brings, while being a developer focussed solution out of the box. We couldn’t achieve this with other tools”, he says.

With daily changes to his code adding new features, Berenstein wanted his developers to understand where any issues are, early. “With SOC 2, we wanted a scanner that enables us to run security testing daily, that isn’t going to be a complicated process and a drain on internal resources”.

“Bright is very intuitive and our developers are able to run the tool without the need to be a security expert. The scanner crawls our application with excellent coverage”, Berenstein added, “with the accuracy of the results meaning our developers can trust the output and fix the issues to deliver a secure product, instead of wasting time validating if issues are real”.

As with any team, Berenstein was looking for ways to streamline his processes and make them more efficient. “I wanted to create a culture where my developers are free to be creative and make the changes we need, without the fear of me checking and finding holes. This early detection of issues saves me time and also reduces our security and technical debt”.

By using Bright, MedFlyt’s developers are happy to be in control. “Feedback from my devs has been excellent – it’s easy to use, easy to deploy and the results are developer friendly”, Berenstein says. “The integration process into our environment was simple and immediate. We are able to simply run security scans, whilst also having the platform create a full security PDF report for management and our compliance records”.
