Security FAQ

Are there any resources for my vendor assessment?

Yes, you can find our security documentation and answers to most questions on our trust site at https://trust.wildmoka.com/

Does Wildmoka use third-party services to audit its security?

Wildmoka has been assessed by external auditors who hold CISSP, OSCP, CEH, PCIP, ISO, CISA and CISM certifications and who follow methodologies and standards that include NIST SP800-115, PTES, OWASP and Offensive Security. It was concluded that an unauthorized person cannot penetrate the system, and Wildmoka's security mechanisms are state-of-the-art and effective.

Can I access the Audit logs?

Please contact us through the Support form and we will provide assistance with access to the audit logs for your account.

Do you store user passwords?

Yes, we store salted hashes of passwords using PBKDF2.

Do you have a Bug Bounty program?

Yes, we run a formal Bug Bounty program through our partner Inspectiv. If you have discovered an issue with the Wildmoka system then we ask you to contact programs@inspectiv.com and report the issue.

Who has access to the backend of Wildmoka?

Access to the backend resources is limited to a small number of employees with access to the Microsoft Azure or Amazon AWS environments we are running the production system on. All support-entitled personnel are required to use two-factor authentication for their cloud accounts.

Do you separate your development and testing environments from production?

Yes, each environment runs in a completely separate cloud project without any connections between them.

Do you use production data for testing?

No, we do not use production data for development or testing. The only exceptions to this are:

  1. If we have been given explicit written permission to do so by the owner of the data. This usually happens when we are troubleshooting a specific issue that is only reproducible with the specific data.
  2. To perform Disaster Recovery Testing where we use a backup copy of the production database to verify that it can be restored in a timely manner to a recovery system.
