Genesys Cloud CX

 View Only

Discussion Thread View
  • 1.  Genesys Cloud CX OWASP API risk mitigation

    Posted 07-10-2023 11:54

    Recently our team reviewed the OWASP top 10 API security risks and wanted to check if Genesys Cloud CX has any documentation that lists how does Genesys addresses these risks.
    I remember Engage used to have certain documentation on the components that addressed such mentioned risks but can anyone share or guide how to verify and find it for Genesys Cloud CX? The link to OWASP 2023-
    The Genesys Cloud generic security (document is from 2022, haven't been updated) - 

    *I am not from security background so please pardon if I mistakenly use wrong terminology or confused between security standards. We want to confirm the Genesys-Salesforce or Genesys-Datagamz and other integrations being impacted with this.



    MAnu KAndwal
    Accenture Solutions Private Limited

  • 2.  RE: Genesys Cloud CX OWASP API risk mitigation

    Posted 07-14-2023 15:42

    Great question! 

    Antwuan Rencher
    Genesys - Employees

  • 3.  RE: Genesys Cloud CX OWASP API risk mitigation

    Posted 07-24-2023 08:18

    Hi All,

    We did ask similar question to Genesys Support and Developer forum. Didn't get any direct answer from developer forum and the Genesys support replied with standard security and the not the ones mentioned in OWASP article.  Still looking for a straight answer if anyone is aware about from the 2023 OWASP list.

    (Sharing thinking it might help some who are only looking for Genesys cloud basic security standards)

    PCI DSS (Payment Card Industry Data Security Standard): This standard applies to all organizations that handle credit card data. If your SaaS application involves payment processing, PCI DSS compliance testing would look for compliance with the security measures recommended by OWASP.


    ISO 27001: This is an international standard that provides the framework for an Information Security Management System (ISMS). ISO 27001 compliance testing ensures that your organization has the necessary controls in place to manage information security risks effectively, which would include the security vulnerabilities highlighted by OWASP.


    SOC 2 (Service Organization Control 2): SOC 2 is a compliance requirement for SaaS companies that handle customer data. A SOC 2 audit would check if your organization's controls are in line with the Trust Services Criteria, including the security controls that align with the OWASP's Top 10 API Security list.


    HIPAA (Health Insurance Portability and Accountability Act): If your SaaS application handles health information, HIPAA compliance testing would check if you follow the necessary security measures to protect sensitive patient health information, which would include measures outlined in the OWASP's Top 10 API Security list.


    GDPR (General Data Protection Regulation): If you operate in or serve customers in the European Union, GDPR compliance would apply. It would cover the security of personal data, including measures to ensure API security as highlighted by OWASP.


    Cloud Security Alliance (CSA) STAR Certification: The STAR certification is a rigorous third-party independent assessment of the security of a cloud service provider. The technology-neutral certification leverages the requirements of the ISO/IEC 27001 standard together with the CSA Cloud Controls Matrix.

    MAnu KAndwal
    Accenture Solutions Private Limited

  • 4.  RE: Genesys Cloud CX OWASP API risk mitigation

    Posted 07-25-2023 06:23


    You might have a look at Genesys RFPIO database? It includes lots of good answers, including security, that can be used with RFP responses. You can access RFPIO via Genesys OKTA application portal.

    Best Regards,


    Antti Mikkola
    Telia Finland Oyj

  • 5.  RE: Genesys Cloud CX OWASP API risk mitigation

    Posted 07-25-2023 22:21

    Hi Antti,

    Thanks for the direction. Seems it can be of help.

    MAnu KAndwal
    Accenture Solutions Private Limited

Need Help finding something?

Check out the Genesys Knowledge Network - your all-in-one access point for Genesys resources