Independent security audit validates addy.io's robust privacy and security measures
addy.io, previously known as AnonAddy, a renowned privacy-centric email forwarding service, has recently undergone an independent security audit, executed by Securitum. The audit included a web application penetration test and a source code review.
The team behind addy.io, a service that has always been open-source, stated they “wanted to offer users even more transparency by having an unbiased third-party company conduct an in-depth review of the service”.
The security audit conducted by Securitum involved a penetration test, or pentest. This is an authorized simulated cyberattack on a web application, designed to find potential vulnerabilities so they can be fixed before they are exploited. The pentest uses a blend of manual and automated techniques to identify potential weaknesses. The security audit also included a thorough analysis of the web application's source code.
Securitum's final report indicated that “During testing, no significant vulnerabilities were identified. Low-risk vulnerabilities were reported, along with several informational points.” The report also confirmed that the two low-risk issues identified have been addressed and rectified, along with the informational points. This was validated by a retest.