
At First One, cybersecurity is one of our core values. Whether managing internal operations or working for our clients, we prioritize a security-first approach. We implement robust security protocols and continuously enhance our measures to stay ahead of emerging threats. This commitment ensures we earn and maintain the trust of our partners and clients, safeguarding their data and interests at all times.

Application security

  • WAF – Our webpage and all of our applications use Web Application Firewalls to block the latest threats.
  • DNSSEC – Our domains are protected with DNSSEC to avoid DNS hijacking.
  • Encryption – All of our web servers require encrypted connections and are continuously tested by Qualys SSL Labs to maintain the highest A or A+ overall rating.
  • DDoS protection – Our applications are protected by multilevel DDoS mitigation and blocking.

Infrastructure

  • Enterprise-grade providers – Our applications are backed by the largest cloud service providers: Microsoft Azure and Amazon Web Services.
  • Endpoint Security – We use endpoint security to detect and mitigate malicious activity.
  • Zero-Trust Network Access (ZTNA)
  • Next Generation Firewalls (NGFW) – We use next generation firewalls with advanced IPS/IDS and DPI functions.
  • URL filtering and Malware prevention
  • Scheduled, multi-location and encrypted backups

Code security

  • All code written for our solutions or for any of our clients continuously goes through Static Application Security Testing (SAST). This method helps us identify security vulnerabilities, find and fix security issues early, and prove compliance with internationally recognised security standards.

    • Security Standards: CWE, OWASP, CERT, PCI DSS, DISA STIG, NIST SSDF and ISO/IEC TS 17961.
    • Security Vulnerability Detection: SQL Injection, Tainted Data, Buffer Overflow, Vulnerable Coding Practices, and many more.
    • Bug, Quality Issue, and Code Smell Detection: Null Pointer Dereferences/Exceptions, Memory/Resource Leaks, Uncaught Exceptions, and many more.

Compliance

    • We are strongly dedicated to privacy and compliance. We follow the leading industry standards and regulations: GDPR, HIPAA, ISO27001, CCPA, NIST-800. We continuously work to maintain and improve these standards.

      • GDPR Compliant
      • California Consumer Privacy Act (CCPA) compliant
      • HIPAA compliant
      • ISO27001 compliant