AlgoSec security center
AlgoSec prioritizes the security of our products and solutions throughout their entire life cycle. We employ rigorous security practices during development using automatic and manual procedures. These practices include comprehensive threat and risk analysis, adherence to security standards, and regular testing to identify and address vulnerabilities.
Our applications undergo complete penetration testing by reputable third-party vendors to ensure their security.
Data security and security practices
Product security
Security is a core part of our product development activity. During the development of a new product or feature, we conduct a comprehensive threat and risk analysis, and create a specific security requirement for the product/feature and its integration into a complete solution. During the design phase and before release, we ensure product security by comprehensive testing (vulnerability assessment and penetration tests) using OWASP security standards. All security updates, patches or upgrades undergo the same rigorous tests, and are only deployed once they are proven to be secure. Pen Tests include:
We proactively scan our products using industry-standard tools for vulnerabilities on a nightly basis:
On-premises ASMS solution
SaaS services
AlgoSec website
AlgoSec Customer Portal
On-premises ASMS solution is scanned by three commercial vulnerability scanners
Dynamic web application scanning follows the OWASP methodology (DAST).
Our SaaS offerings are scanned continuously by AlgoSec CloudFlow and AlgoSec Prevasio
At AlgoSec, we are dedicated to adhering to regulatory compliance requirements and industry standards to ensure the utmost security.
We have implemented robust security measures and practices to mitigate risks and maintain the confidentiality, integrity, and availability of your data. We continually strive to stay at the forefront of security technologies and best practices to provide you with the highest level of protection.
Our security center is designed to provide you with comprehensive information and resources to understand our commitment to safeguarding your data and protecting your business.
Overview
Certifications
ISO/IEC 27001:2013 & ISO/IEC 27017:2015
SOC 2 Type II Report
AlgoSec has been certified following a SOC 2 Type II audit conducted by an independent service auditor. This audit evaluates the design, implementation, and effectiveness of the controls we have in place for our products. It ensures that our security practices align with the criteria of security, availability, processing integrity, confidentiality, and privacy. During the audit period, the controls were tested as they existed, and the tests were applied to those controls relating to the in-scope trust services criteria. The audit covered all the controls pertaining to the confidentiality, integrity, and availability of AlgoSec.
A copy of the AlgoSec SOC 2 Security, Availability, Confidentiality & Privacy Report is available to customers, partners and evaluators here:
AlgoSec holds multiple certifications, demonstrating our firm commitment to top-tier security. We strive to comply with and maintain high-quality standards in line with globally recognized frameworks.
These include:
AlgoSec understands the importance of confidentiality and privacy in protecting customers’ data. We have established policies and procedures to ensure the privacy of your information, to comply with applicable data protection regulations such as GDPR, and to demonstrate GDPR compliance.
You can find detailed information about our privacy practices in our Privacy Notice.
Questions regarding our privacy practices may be addressed to [email protected].
Privacy
Security advisories
List of CVEs published against AlgoSec products:
Improper input validation in FireFlow’s VisualFlow workflow editor
CVE-2023-46596
Reference: Advisory
Severity: 5.1 Medium
Issue date: 2024-02-15
Updated on: 2024-02-15

Net-NTLM leak via HTML injection in FireFlow VisualFlow workflow editor
CVE-2023-46595
Reference: Advisory
Severity: 5.9 Medium
Issue date: 2023-11-02
Updated on: 2023-11-16

AlgoSec–FireFlow Reflected Cross-Site-Scripting (RXSS)
CVE-2022-36783
Reference:
Severity: 5.4 Medium
Issue date: 2022-10-25
Updated on: 2022-10-27

Cross-site scripting (XSS) vulnerability in AlgoSec FireFlow 6.3-b230 allows remote attackers to inject arbitrary web script or HTML via a user signature to SelfService/Prefs.html.
CVE-2014-4164
Reference:
Severity: 4.3 Medium
Issue date: 2014-06-16
Updated on: 2015-12-04

Cross-site scripting (XSS) vulnerability in BusinessFlow/login in AlgoSec Firewall Analyzer 6.4 allows remote attackers to inject arbitrary web script or HTML via the message parameter.
CVE-2013-7318
Reference:
Severity: 4.3 Medium
Issue date: 2014-01-29
Updated on: 2014-08-06

Cross-site scripting (XSS) vulnerability in afa/php/Login.php in AlgoSec Firewall Analyzer 6.1-b86 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
CVE-2013-5092
Reference:
Severity: 4.3 Medium
Issue date: 2014-01-29
Updated on: 2014-08-06
Reporting vulnerabilities to AlgoSec
If you discover a security vulnerability in our systems, we encourage you to responsibly disclose it to us through the provided reporting process. Your efforts play a crucial role in our ongoing commitment to prioritize the security of our products and solutions throughout their entire life cycle. AlgoSec takes security concerns seriously and works diligently to resolve reported issues with utmost urgency.
On-prem Security:
FAQs
AlgoSec’s Firewall Analyzer enables you to instantly visualize your entire hybrid network by pulling information from a wide range of devices and providing you with a network security topology. Firewall Analyzer helps you assess the impact of network security policies on traffic, troubleshoot connectivity issues, plan changes and perform “what-if” traffic queries. Firewall Analyzer seamlessly integrates with all leading brands of traditional and next-generation firewalls and cloud security controls, as well as routers, load balancers and web proxies.
What is Firewall Analyzer?
Can I analyze my firewall rules?
Does Firewall Analyzer work with Cisco?
What are the main uses of a firewall monitoring tool?
Can I analyze my firewall’s configuration?
Can I monitor my firewall changes?
SaaS Security:
What is Firewall Analyzer?
Can I analyze my firewall rules?
Does Firewall Analyzer work with Cisco?
What are the main uses of a firewall monitoring tool?
Can I analyze my firewall’s configuration?
Can I monitor my firewall changes?