I have a client who is asking for any kind of Security audits..

Options
SethKho
SethKho Member Posts: 2

I have a client who is asking for any kind of security audits which have been done on the Duda infostructura, has anyone come across this before? and what / how were you anle to get the info?

Tagged:

Best Answer

  • Aj_Cre8
    Aj_Cre8 Member Posts: 676 MVP
    Answer ✓
    Options

    Ahhhh! If you are wanting to compare Duda to WP for them let them know that their wordpress website got compromised because in the wonderful world of WP, you are reliant on 3rd party plugins to make the website function properly. These plugins create huge vulnerabilities and risk when they are not maintained, if they get hacked, or if WP updates and the PHP isnt updated.. Duda, is a stand alone CMS with millions of websites and security protocols, and does not use 3rd party plugins (unless you add them yourself via the app store or unreliable tools like elfsight).

Answers

  • Aj_Cre8
    Aj_Cre8 Member Posts: 676 MVP
    Options

    Its kind of hard, as Duda will not give that information to anyone… You can explain to your client that you use Duda, and they are powered by AWS. Generally you would only see this kind of request for a Government Website or something like that.. Ask the client to be specific in what they want, and then I guess try to reach out to support for an assist…

  • SethKho
    SethKho Member Posts: 2
    Options

    Thank you, I was going to speak to them, I just thought i would ask here first. they are a financial institution. The website holds content only so there isnt really anything on (or in) the site that isnt really publicly available. They had a WP site comprimised in May which has prompted a full audit. they know the deal, they just wanted me to ask anyway. I will chase up support to see if they have anything.

    thank you

  • ScottyStrehlow
    ScottyStrehlow Member Posts: 343 Duda Staff
    Options

    Hi @SethKho,

    Security is a top priority for any financial institution, and to echo Aj's point above, we take several steps to ensure security for every user and every website. We've got a full overview via this Support Article:

    https://support.duda.co/hc/en-us/articles/1500001597862-Security-Measures

    A few things you could share with them include…

    • Remote access requires VPN connection & two factor authentification
    • Automated antivirus, malware protection, and path management scans regularly
    • All TCP outbound communication is SSL encrypted
    • Duda's servers are equipped with malware protection and intrusion detection systems

    I'd also make sure that they are aware and utilize the Two Factor Authentification Feature we released.

    I hope this helps! 🙏