At Psono, we prioritize security and strive to protect our users' passwords diligently. As part of our annual procedures, we engaged X41 D-Sec GmbH to conduct an audit of Psono, with a particular focus on cryptography.
X41 D-Sec GmbH, based in Germany, is a leading provider of application security and penetration testing services. With extensive industry experience and expertise in information security, their team of world-class security experts delivers premium security services. They have previously reviewed ISC BIND9 DNS Servers, Mozilla's Firefox update, and Wire, among others.
Given their undisputed expertise and competence, X41 D-Sec GmbH was well suited to audit Psono.
In June 2024, X41 D-Sec GmbH conducted a source code review and dynamic test of the Psono solution to identify security vulnerabilities and weaknesses, with a special emphasis on the proper use of cryptographic algorithms and methods.
During the test, X41 identified a total of four vulnerabilities: one rated as high, three as medium, and none as low. Additionally, one issue with no direct security impact was found.
"Overall, the solution appears to be on a good security level compared to systems of similar size and complexity. While a number of vulnerabilities and weaknesses could be identified, it should be stressed that the solution appears to be developed with security in mind. This is reflected for instance by the choice of the used cryptographic library (NaCL), which offers secure and modern cryptographic primitives. Furthermore, a number of common vulnerability types such as SQL injection issues appear to have been addressed upfront."
The full security report can be found here.
We extend our deepest gratitude to X41 for their service! Their diligent work helps us sleep better at night!