Hi, one of our customer, their security teams, has rise some questions about web messaging and messager snippet. Our customer is worried if web messaging could be used or expose somehow a way to attack their infrastructure.
Coul you share with us, if there is public reference about protocols, data privacy and security specs implemented with web messaging?
What would you suggest, if there any, options to strengthen a web messaging deployment?
Regards,
SG
This article shows responsibilities of Genesys Cloud and customers for PCI compliance
It shows that Genesys Cloud takes responsibility for software vulnerabilites
6.2.4 Software engineering techniques or other methods are defined and in use by software development personnel to prevent or mitigate common software attacks and related vulnerabilities in bespoke and custom software, including but not limited to the following:
Injection attacks, including SQL, LDAP, XPath, or other command, parameter, object, fault, or injection-type flaws.
Attacks on data and data structures, including attempts to manipulate buffers, pointers, input data, or shared data.
Attacks on cryptography usage, including attempts to exploit weak, insecure, or inappropriate cryptographic implementations, algorithms, cipher suites, or modes of operation.
Attacks on business logic, including attempts to abuse or bypass application features and functionalities through the manipulation of APIs, communication protocols and channels, client side functionality, or other system/application functions and resources. This includes cross-site scripting (XSS) and cross-site request forgery (CSRF). Attacks on access control mechanisms, including attempts to bypass or abuse identification, authentication, or authorization mechanisms, or attempts to exploit weaknesses in the implementation of such mechanisms.
Attacks via any “high-risk” vulnerabilities identified in the vulnerability identification process, as defined in Requirement 6.3.1.
Our developers use tools to identify software vulnerabilities within our dependencies, and are not able to deploy features without first resolving critical vulnerabilties.
You might also be interested in authorized web messaging for added security.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.