Although addy.io has always been open-source, I wanted to offer users even more transparency by having an unbiased third-party company conduct an in-depth review of the service.
I'm delighted to announce that addy.io has passed an independent security audit carried out by Securitum including a web application penetration test and a source code audit.
A security audit is an independent analysis of an organisation’s security posture to identify any weaknesses or vulnerabilities.
Part of the security audit carried out involved a penetration test (pentest), which is a proactive and authorised simulated cyberattack on a web application, aimed at identifying and fixing potential vulnerabilities before they can be exploited by attackers.
The goal is to provide insights into the service's security status and recommend ways to improve security of the web application.
During testing, no significant vulnerabilities were identified. Low-risk vulnerabilities were reported, as well as several informational points.