Web Application Firewall (WAF)

Be proactive: locate vulnerabilities and stop cyber attacks before they reach your web server.

Basefarm WAF

Organizations currently face complex and aggressive cyber threats every day, assaults that can damage your company and customers. But consider, 90% of all breaches occur via known vulnerabilities that could have been identified by proactive security assessments and continuous blocking of malicious attacks. Basefarm’s Vulnerability Assessment and Managed Web Application Firewall services protect against these threats.

What are the benefits

Improves success rate of compliance checks and audits (for example, PCI DSS)
Identifies potential vulnerabilities in web applications and prohibits their exploitation

Minimize risk of downtime
Find risks of leakage
Find risks of fraud

Vulnerability assessments

Define, identify and classify vulnerabilities
The objective of a vulnerability assessment is to maximize the overall security of your environment and to discover and remediate vulnerabilities before attackers exploit them. The vulnerability assessment evaluates if and where your systems are open to attack through known vulnerabilities; this is the Achilles heel where the vast majority of successful breaches to your systems occur.
The tools we use are conceptually the same type of tools that attackers use. This enables us to find the vulnerabilities that an attacker is likely to find.

Detect vulnerabilities, both from the outside and from the inside
Our Vulnerability Assessments are performed both from outside our networks and from inside our networks, with full access to the environment it is testing. This ensures that we find not only the vulnerabilities exposed to the outside world, but also vulnerabilities that could be leveraged in the event that someone gains access to the internal network.

How does it work?
A member of our security team and your Service Manager at Basefarm work with you to specify which applications are in scope for the tests and the timing for conducting the test.
Typically, the tests are done off-peak hours:
for instance, 00:00 – 05:00 on weekdays.
Once the tests have been concluded, the security engineer provides you with a report describing the vulnerabilities that were found together with suggested remediation actions.

Managed web application firewall

Ultimate external security for your website
Our managed Web Application Firewall (WAF) provides you with the ultimate external security for your website, offering both robustness and efficiency. The service uses a cyclic approach for continuous adaption to an ever-changing landscape of threats. Our solution is fully managed. We recommend changes and then implement them once you give us the approval.

How does it work?
The Web Application Firewall enables identification and blocking of OWASP Top 10 attacks such as SQL injections, command injections, XSS attacks and CSRF attacks.
It also identifies and blocks brute force attacks on your website. For example, hackers systematically trying all possible keys and passwords to gain unauthorized access.

WHAT’S INCLUDED

The fixed monthly fee includes:

Quarterly vulnerability assessments of your environment; the assessment report includes:
– Hostname/IP addresses and type of vulnerability
– Recommendations for action
Monthly external vulnerability scans of your web application and threat reports, including:
– Recommendations and implementation of changes

A Web Application Firewall, managed by Basefarm:
– Standard Basefarm policy based upon your application setup
– Addition of up to 10 more policies based on the initial Vulnerability Assessment report
– More polices can be added for an extra charge

Security in our DNA

PCI DSS 3.0 level 1-service provider
ISO 27001-certified
ITIL-framework
Quality handbooks

Service level agreement
Member of FIRST.org
Advanced security products
Security Incident Response Team (SIRT)

Security across the entire service lifecycle

PayEx needed to design, build and run their state of the art Nordic payment solution catering robustness, flexibility and cost efficiency. The platform needed to be PCI DSS compliant as it exchanges, processes and stores huge amounts of card data and financial information. The solution is mission critical and margins and reputation are built over time, by delivering payment services with high quality, competence and value. They needed a secure and stable environment and a partner with solid systems for operations and interaction, as well as an “advisor” regarding technology.

Basefarm designed the platform in close collaboration with PayEx. Since the PCI solution went live in the summer of 2011, it has now passed 300 million transactions with excellent performance, peaking at around 1.3 million transactions per day. PayEx use Basefarm actively and proactively in decision-making regarding the environment and other challenges related to technology.

Security Blog

Information security – THROUGHOUT THE SERVICE LIFECYCLE.

Speak to one of our specialists to find out how the Basefarm’s Perfectly Balanced Solutions can benefit your business.

www.basefarm.se | +46 850 11 26 00

Contact us

Cookie and Privacy Settings

How we use cookies

We may request cookies to be set on your device. We use cookies to let us know when you visit our websites, how you interact with us, to enrich your user experience, and to customize your relationship with our website.

Click on the different category headings to find out more. You can also change some of your preferences. Note that blocking some types of cookies may impact your experience on our websites and the services we are able to offer.

Essential Website Cookies

Google Analytics Cookies

These cookies collect information that is used either in aggregate form to help us understand how our website is being used or how effective our marketing campaigns are, or to help us customize our website and application for you in order to enhance your experience.

If you do not want that we track your visist to our site you can disable tracking in your browser here:

Other external services

We also use different external services like Google Webfonts, Google Maps and external Video providers. Since these providers may collect personal data like your IP address we allow you to block them here. Please be aware that this might heavily reduce the functionality and appearance of our site. Changes will take effect once you reload the page.

Google Webfont Settings:

Google Map Settings:

Vimeo and Youtube video embeds:

Cookie policy Basefarm

COOKIE POLICY BASEFARM

1. What are cookies?

By using the website you consent to that Basefarm stores cookies on your computer. Cookies are small text files that are placed on your computer while you are browsing a website.

1.2 Basefarm’s use of cookies

Basefarm uses cookies to facilitate your use of our website. This includes using the information collected by the cookies to confirm your login and to remember personalised details and to facilitate the availability of the services on the website.

Cookies are also used to collect information on how the website is used. In addition, with our cooperation partners we collect anonymous information of which browsers that visit the website to show relevant advertising (interest based advertising).

1.3 Manage your cookies

Most browsers are set up to automatically accept cookies. By changing your browser’s settings you can choose between accepting cookies, receiving information when a cookie is placed, or blocking cookies. The way to manage cookies may differ between browsers, but normally the menu is reached through tools or alternatives. If you decide to block Basefarm’s cookies, this may limit the functionality of the website.

You can find more information about cookies and how to delete or block cookies on the website www.allaboutcookies.org.

1.4 More detailed information

Cookie	Cookie used and domain	Typ of Cookie	What does it do?	How long is the cookie saved?
	SESSxxxxxxxxxxxxxxxxxxx basefarm.com	Session cookie	The cookie is used to keep information (not password) about the site editors (Basefarm marketing department)	The cookie is deleted after each session.
Google Analytics	[_utma, _utmb, _utmc, _utmz, _ga][Google domain]	Link	Link	Link
Pardot	Pardot, visitor_id128211, lpv128211 pi.pardot.com	Third party cookie	Link	The cookie is deleted after each session.
ProspectEye	pe99dd216ea3 tr.prospecteye.com	Third party cookie	Link	10 months

1. Introduction
Basefarm is committed to protect and respect your privacy. With this privacy policy Basefarm describes how it ensures that your personal data and other data is processed in accordance with applicable data protection laws and cookie legislation.

2. Data controller
Basefarm AS, reg. no. 982 211 743, Nydalen Allé 37a, 0484 Oslo, Norway, is the data controller in relation to personal data being processed on the Norwegian and English versions of the website.
Basefarm AB, reg. no. 556638-0639, Sveavägen 159, 113 46 Stockholm, Sweden, is the data controller in relation to personal data being processed on the Swedish version of the website.
Basefarm BV reg. no. [•], Beechavenue 106, 1119 PP Schiphol-Rijk, Netherlands, is the data controller in relation to personal data being processed on the Dutch version of the website.
The aforementioned Basefarm entities are collectively referred to as “Basefarm” in the following. You will find Basefarm’s contact information under section 10.

3. When does basefarm collect personal data?
When you or your employer sets up an account or signs up for Basefarm’s newsletter;
When you apply for a job at Basefarm or otherwise send a job application to Basefarm;
In the event you turn to Basefarm with inquiries or requests via e-mail or telephone; and
If you have accepted the use of cookies, Basefarm may also collect your IP address. For more information about Basefarm’s use of cookies, please see section 12.

4. What data may Basefarm collect?
The personal data Basefarm may collect includes information about your name and contact details such as address, telephone number and e-mail address, company and any other information you provide. If you apply for a job at Basefarm, Basefarm will process your CV as well as any other information you attach with your application.

5. How does Basefarm process personal data?
The personal data collected by Basefarm is used to manage customer relations, assess potential employees and assist customers and website visitors with any requests or inquiries made on the website. The information may also be used for monitoring and development of Basefarm’s business and website, for example by analyzing statistics of website visitors, and to protect Basefarm’s rights.
If you apply for a job, Basefarm only uses your personal data for the purposes for which you provided the information. However, Basefarm may save interesting applications even after the recruitment period is over. Such applications may also be transferred to other entities within the Basefarm group.

6. To whom may Basefarm disclose the information?
Basefarm will not sell, lease or otherwise transfer any personal data collected to a third party. Basefarm may however transfer the personal data to other companies within the Basefarm group or to business partners if it is necessary to fulfil its obligations towards you.

Personal data may be disclosed if it is necessary to:
a) Comply with applicable law, regulation or similar or to comply with a legal process, request or order from an executive authority;
b) Defend Basefarm’s legal interests; or to
c) Detect, prevent, or otherwise avoid fraud, security breaches or technical issues.

7. Links to external websites
Basefarm’s website may contain links to third-party websites. Basefarm is not responsible for the processing of your personal data on such websites.

8. Amendments
If this policy is amended, Basefarm will publish the amended policy at www.basefarm.com with information about when the amendments will enter into force. If Basefarm carry out any significant changes to the policy, Basefarm may choose to inform by e-mail or by publishing a message on the website.

9. The right to information and recifications
You have the right to require information about what personal data Basefarm is processing about you and for what purposes. You are also entitled to have any incomplete or inaccurate data rectified, erased or blocked. Please see the contact information in section 10 should you have any questions about how Basefarm processes your personal data.

10. Basefarm’s contact information
If you have any questions relating to Basefarm’s processing of personal data, or if you want to invoke your right to access data, please contact relevant Basefarm entity on the address set out below:
Norway/Global:
Basefarm AS
PO Box 4488
Nydalen
0403 Oslo
Sweden:
Basefarm AB
Sveavägen 159
113 46 Stockholm
Netherlands:
Basefarm BV
Beechavenue 106
1119 PP Schiphol-Rijk

11. Security measures
Basefarm has taken the organizational and technical security measures required to protect personal data against unauthorized access, modification and deletion.

Preferens

Keep in touch with us - we’re aware that your inbox is a sacred place, and we’ve, built this page to put you in control.

With your email registration you are accepting that Basefarm is storing your personal data information and is using it to administrate your registration. We would like to send you personal emails with company news, content, invitation to events, webinars, reports, offerings, product and service information. Please check the boxes below what kind of personal information you would like to receive from us.

I am hereby giving consent that Basefarm is sending me emails on following topics:

Web Application Firewall (WAF)

Basefarm WAF

What are the benefits

Vulnerability assessments

Managed web application firewall

WHAT’S INCLUDED

Security Collaboration

Security in our DNA

Security across the entire service lifecycle

Security Blog

Information security – THROUGHOUT THE SERVICE LIFECYCLE.

FOLLOW US

Contact us

Web Application Firewall (WAF)

Basefarm WAF

What are the benefits

Vulnerability assessments

Managed web application firewall

WHAT’S INCLUDED

Security Collaboration

Security in our DNA

Security across the entire service lifecycle

Security Blog

BF-SIRT Newsletter 2018-01

BF-SIRT Newsletter 2018-02

BF-SIRT Newsletter 2018-03

BF-SIRT Newsletter 2018-04

Information security – THROUGHOUT THE SERVICE LIFECYCLE.

FOLLOW US

Contact us