DAVINTOO UKRAINE LLC is an international IT company specializing in software solutions for the e-learning sector. Its flagship product, LMS Collaborator, is a web-based platform for learning, communication, and analytics, used daily by over 5,000 users.
Given that DAVINTOO handles both personal and medical data, HIPAA compliance is critical to ensuring the security of its digital products.
Datami conducted a comprehensive security audit of the internal infrastructure of DAVINTOO UKRAINE LLC, covering the web platform, servers, and applications.
Regular communication with the client — including weekly status meetings and interim reports — ensured effective task management and rapid incident response.
To assess risks and identify vulnerabilities, we applied a gray-box approach, conducting tests with partial access to the client's technical documentation.
We combined manual analysis techniques with automated scanning tools, utilizing Metasploit and Paros Proxy.
During the project, the Datami team carried out a highly accurate, full-scale security assessment of the LMS Collaborator web platform, servers, and applications. A gray-box approach was chosen for the penetration test, combining both automated and manual testing methods.
The team made strategic decisions to enhance access control and strengthen the security of web applications.
Key project stages:
Every
At the start of the project, LMS Collaborator was assessed as having a high-risk level due to vulnerabilities in web applications and potential data leaks, posing a threat to HIPAA compliance.
During the penetration test, the Datami team identified 15 vulnerabilities, 5 of which were critical. Some of these could have been exploited to gain unauthorized access to user accounts or extract sensitive information.
The client received the following recommendations:
After implementing the recommended measures, LMS Collaborator achieved full HIPAA compliance, and its overall security level significantly improved. Two-factor authentication and regular security updates were introduced. All critical vulnerabilities were eliminated within 24 hours of reporting, preventing data breaches, penalties, and reputational damage.
The project was completed in 4 weeks, outperforming the industry average of 6 weeks.
DAVINTOO UKRAINE LLC successfully enhanced the cybersecurity resilience of LMS Collaborator and achieved full HIPAA compliance. The company gained a clear understanding of its threat landscape, a thorough technical audit, and actionable recommendations for strengthening its security systems. All project objectives were met within the planned timeframe.
This case study demonstrates that security testing and compliance are not just formalities, but essential safeguards against real-world threats and reputational damage.
Web applications are targeted by attacks every day - from simple scanners to deliberate breaches. To understand how vulnerable a web application is and how to protect it from hackers’ actions, a special assessment is conducted - penetration testing (pente
Microsoft announced a new update to Defender for Office 365 that automatically detects and blocks email bombing attacks. The rollout started in June, and most users will receive the feature by mid-July 2025.
Cloudflare reported that it stopped the most powerful UDP flood DDoS attack aimed at exhausting system resources. In 35 seconds, the attackers flooded the company with traffic at 11.5 Tbit/s.