
The bestauction.com team uses a three-level approach to protect customer data:

1. Application-Level Security Control

Password hash salting

Can bestauction.com see my passwords? No. bestauction.com servers only store passwords that are encrypted and hashed with a salt, so no one from the bestauction.com team can ever see, read, or reverse engineer your real password.

Deleting account

When you're ready to permanently leave bestauction.com, you can delete your account in your Profile / Settings. BestAuction will permanently delete all your data. You can also remove any profile information you'd like while you have an active account. Always feel free to reach out to us at [email protected]

Development lifecycle

We follow security patterns for hardening, encryption, authentication and authorization. Our security engineers perform regular risk-based threat analysis during development cycles to continually re-evaluate and refine our security posture. To ensure additional security of our platform, we regularly conduct the following security checks:

  • Peer design and code review
  • Internal vulnerability scans as well as contracts with Approved Scanner Vendors (ASV) to scan for vulnerabilities
  • Contracts with top penetration testers to perform offensive and defensive analysis of our application and infrastructure

 

2. Infrastructure-Level Security Control

Our servers

Our servers are located in Microsoft Azure and in the Forpsi data center, https://dc.forpsi.com/en/security.aspx. The data centers have top technology against DDoS attacks, including hardware firewalls by Cisco and other top vendors. Using Cloudflare, we are shielded by 172 Tbps of DDoS protection while ensuring the performance of legitimate traffic is not compromised.

Media protection

All storage media used in production have encryption enabled. Further, the bestauction.com application, per configuration, performs application encryption on protection-marked data sets using encryption keys managed by our systems.

Architecture

The bestauction.com platform architecture sets up an independent network security zone at the Workspace and Vault level to protect each customer's data, so access rules are fully customizable and hardened to each environment. Additionally, network and data segmentation limits the potential impact of any individual system failure.

Recovery

bestauction.com infrastructure employs multiple levels of system recovery and data recovery schemes, including the following:

  • Production system data is continuously backed up to ensure a low Recovery Point Objective (RPO) to minimize data loss during DR
  • Production infrastructure operations are streamlined and automated to ensure a low Recovery Time Objective (RTO) to minimize operation disruption during DR
  • All services are deployed on a Multi Availability-Zone (multi-AZ) setup, clustered and continuously monitored to ensure high availability
  • Data backups are cross-region to ensure cross-region data recovery
  • Data is regularly backed up and tested

 

3. Operation-Level Security Control

Access Control of Customer Data

  • Regarding HR policy, we follow the principle of least privilege: engineers are only granted the authorization required to perform their job functions

Vulnerability Management

  • We deploy security scanners to ensure all systems are up to date with supported versions and patches

Configuration Management

  • We maintain baseline configuration for all systems
  • All changes to production systems require documented approvals
  • All changes to the bestauction.com application require documented engineering review and approvals

System and Information Integrity

  • Continuous monitoring and alerts are set up on production systems to ensure they perform as designed and comply with service level agreements

Threat Detection

  • bestauction.com subscribes to threat detection services to monitor the health and state of the production system
  • bestauction.com customizes rule-based alerts to look for potential threats

Incident Response

  • 24×7 staff availability
  • Breach notification procedure following compliance and best practices guidelines