Versions Compared

Old Version 15

changes.mady.by.user Ksenia Babych

Saved on

compared with

New Version 16

changes.mady.by.user Ksenia Babych

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.



Html
<div id="fb-root"></div>
<script>(function(d, s, id) {
  var js, fjs = d.getElementsByTagName(s)[0];
  if (d.getElementById(id)) return;
  js = d.createElement(s); js.id = id;
  js.src = 'https://connect.facebook.net/en_US/sdk.js#xfbml=1&version=v2.11';
  fjs.parentNode.insertBefore(js, fjs);
}(document, 'script', 'facebook-jssdk'));</script>

...

Info

This document provides information on built-in security features of the Wildix system, ISO compliance and GDPR.

Updated: October 2020

Permalink: https://confluence.wildix.com/x/QgBuAQ

Security is a top priority for Wildix and all the security features are built-in inside the product, which means the Wildix System is Secure By Design and security is not delegated to third party devices.

...

QuestionsAnswers

What data does the system store?

Chat history and calls stats inCDR-View.

What User Generated Content does the system collect and/ or host?

  • Chat and calls history
  • Possibility for user to add contacts in phonebooks

Note: Chat, calls or phonebooksmodification can be forbidden by ACLrules.

Are users required to login? Is this login over a secure link?

Yes, users are required to login, login via HTTPS.

What are other data transfers/ connections between users' browsers and the system?

Check the doc Ports used by Wildix services.

From which solution stack does the system consist?

Check the doc Legal Notice PBX.

What is your approach for identifying applicable security patches and applying the system? 

Full security package with recurrent licences: Wildix Technical Support - Service Level AgreementTerms and Conditions.

What processes do you have in place to minimise the risk of these issues according tOWASP list:

  • A1: Injection
  • A2: Cross-Site Scripting (XSS)
  • A3: Broken Authentication and Session Management
  • A4: Insecure Direct Object References
  • A5: Cross-Site Request Forgery (CSRF)
  • A6: Security Misconfiguration
  • A7: Insecure Cryptographic Storage
  • A8: Failure to Restrict URL Access
  • A9: Insufficient Transport Layer Protection
  • A10: Unvalidated Redirects and Forwards

The processes are present in Wildix Technical Support - Service Level AgreementTerms and Conditions.

Are any vulnerability scanning or penetration testing carried out?

Penetration tests are performed yearly and security reports summaries are released on request after signing an NDA to existing customers.

How have you ensured the data links to the web server are adequate for traffic volumes anticipated? Have you tested under anticipated load?

  • Test with 5000 users / 600 concurrent calls
  • Wildix recommend 100 kb symmetric per call

...