All Collections
Security
Wiza Security Policies
Wiza Security Policies

Complete resource of Wiza's various security policies

Stephen Hakami avatar
Written by Stephen Hakami
Updated over a week ago

Organization Information

Company Name: Wiza, Inc.

Description of services offered: Sales engagement and lead generation software as a service.

Address: 2035 Sunset Lake Road, Newark, DE, 19702


Customer Data and Source Code Backup Process

Customer Data Encryption at Rest: Yes

Customer Backup Encryption: Yes

Frequency of Customer Backups: Daily and automatic

Frequency of Source Code Backups: When changes are made using a versioning tool (ex. GitHub, Bitbucket)


Two-Factor Authentication

Multi-Factor Authentication: Yes, Wiza requires all employees to utilize Multi-Factor Authentication on any work-related applications.


New System Deployment Process

Changing Default Passwords: Yes, on all systems

Disabling Default passwords: Yes, on all systems

System Image Hardening: Database/Redis servers are managed and patched by AWS and external inbound traffic is completely blocked. The main app server runs on CapRover and is regularly updated, server is accessible by passwordless public-private key login, and inbound ports (80,443,22). Critical admin panels are hidden behind multi-level subdomains.


Software Development Lifecycle

Open Web Application Security Project (OWASP) Top 10 Training: Yes

Definition of Testing Processes: Yes, we run both Detectify and custom security unit tests after each release to scan for new vulnerabilities.

Source Approval Process: Yes, merges require at least 1 review and approval by a Senior Engineer. It goes though CI and if it passes, it merges into production and is deployed via CapRover.

Separation of Duties: Yes


Network Segmentation

Network Segmentation: Yes, network filtering (firewall or VLAN using NIST 800-125B)


DNS Filtering

DNS Filtering: Yes, we use a combination of Cloudflare Gateway for DNS level filtering and Kaspersky's Web Traffic Security for malicious URL filtering.


Vulnerability Disclosure Program

Vulnerability Disclosure Program: Yes. https://wiza.co/vdp. Primary Contact: Stephen Hakami - security@wiza.co


API Access Tokens

API Token Storage: Stored encrypted, with encryption keys store in a secure key store.


Configuration Deployment

Server Configuration Deployment: Configurations are made manually. There is currently one app server. Database/Redis are managed by AWS.


Network Exposure

Frequency of Port Scans: After any deployment


Data Loss Prevention

Data Loss Prevention Policy: Yes, we use a combination of Digital Guardian and G-Suite rules to prevent the unauthorized distribution of sensitive data.


Penetration Testing

Wiza conducts an annual third-party annual security assessment which includes: Application Penetration testing, External Penetration testing, and Cloud Security Review.

Below you'll find an overview of tests that are completed on an annual basis by Bishop Fox, which is the largest private professional services firm focused on offensive security testing.

Did this answer your question?