addy.io passes independent security audit

Although addy.io has always been open-source, I wanted to offer users even more transparency by having an unbiased third-party company conduct an in-depth review of the service.

I'm delighted to announce that addy.io has passed an independent security audit carried out by Securitum including a web application penetration test and a source code audit.

What is a security audit?

A security audit is an independent analysis of an organisation’s security posture to identify any weaknesses or vulnerabilities.

Part of the security audit carried out involved a penetration test (pentest), which is a proactive and authorised simulated cyberattack on a web application, aimed at identifying and fixing potential vulnerabilities before they can be exploited by attackers.

A combination of automated and manual techniques are used to identify vulnerabilities.

The security audit also involved an analysis of the source code for the web application (https://app.addy.io).

The goal is to provide insights into the service's security status and recommend ways to improve security of the web application.

Who performed the audit?

The security audit was carried out by Securitum, a leading european penetration testing company.

What were the results?

The results were extremely positive and I'm very happy with the report!

During testing, no significant vulnerabilities were identified. Low-risk vulnerabilities were reported, as well as several informational points.

The 2 low-risk issues have been fixed and the informational points have also been addressed. This has been confirmed by a retest as shown in the report.

To read the full report click here.

Feedback and suggestions

If you have any feedback or suggestions please just get in touch and make sure to sign up to the newsletter if you'd like to receive updates on new features!