Security has always been at the core of what we do at Psono. That’s why we’re excited to share the results of our most recent security audit, conducted by the renowned cybersecurity firm Cure53. Their comprehensive white-box penetration test and source code audit focused on the Psono browser addons (Chrome, Firefox, Edge), our backend API, and related endpoints.
“The app-wide usage of PyNaCl ensures effective data handling and cryptography.”
— Cure53 Security Report, March 2025
The audit, which spanned four dedicated work packages (WPs), evaluated both client-side and server-side components of Psono:
The team from Cure53 was given full access to our source code, documentation, and internal resources. Over the course of twelve days, their five-person team meticulously assessed the security of our infrastructure.
A total of eight security-related issues were identified, ranging from low to high severity:
All vulnerabilities have already been fixed and verified by Cure53. Where appropriate, we’ve implemented additional mitigations such as CSPs (Content Security Policies), protocol validation, dependency upgrades, and more secure autofill behavior.
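Two of the mitigations named above, protocol validation before autofill and a strict CSP, are easy to show in code. The following is an added example written for this post, not code from Psono or from the Cure53 report; the `https:`-only allowlist, the CSP strings and the function names are assumptions chosen to illustrate the idea, not Psono's actual implementation.

```javascript
// Added example (not Psono's code): checks a browser extension could apply
// before autofilling credentials, plus a small CSP parser to compare a weak
// policy with a strict one. The allowlist below is an assumed policy.

// Only these URL schemes are eligible for autofill (assumption).
const AUTOFILL_ALLOWED_PROTOCOLS = new Set(["https:"]);

// Returns true only when the page URL parses as an absolute URL and its
// scheme is on the allowlist. http:, javascript:, data:, file:, blob:,
// about: and malformed strings are all rejected.
function isAutofillAllowed(pageUrl) {
  let parsed;
  try {
    parsed = new URL(pageUrl);
  } catch (e) {
    return false; // unparsable URL: never autofill
  }
  return AUTOFILL_ALLOWED_PROTOCOLS.has(parsed.protocol);
}

// Two constructed Content Security Policies for an extension page. The strict
// one blocks inline and eval'd scripts even if an attacker manages to inject
// markup; the weak one allows them.
const STRICT_CSP =
  "default-src 'self'; script-src 'self'; object-src 'none'; " +
  "base-uri 'none'; frame-ancestors 'none'";
const WEAK_CSP = "default-src * 'unsafe-inline' 'unsafe-eval'";

// Parses a CSP string into an object mapping directive -> list of sources.
function parseCsp(csp) {
  const directives = {};
  for (const part of csp.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    directives[tokens[0]] = tokens.slice(1);
  }
  return directives;
}

// True when the effective script policy (script-src, falling back to
// default-src) contains neither a wildcard nor 'unsafe-inline'/'unsafe-eval'.
function cspBlocksInlineScripts(csp) {
  const d = parseCsp(csp);
  const sources = d["script-src"] || d["default-src"] || [];
  const dangerous = new Set(["*", "'unsafe-inline'", "'unsafe-eval'"]);
  return sources.length > 0 && !sources.some((s) => dangerous.has(s));
}
```

A real extension would apply `isAutofillAllowed` on the page origin it is about to fill, and ship the strict policy (not the weak one) in its manifest; the parser is only there to make the difference between the two policies checkable in a test.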
You can read the full list of findings, including detailed technical insights and remediation notes, in the public version of the Cure53 report linked below.
Being transparent about our security practices helps reinforce the trust our users place in Psono. Open source projects benefit greatly from public scrutiny—and we welcome it.
We’re proud that the report acknowledges the strength of our existing security measures. Particularly notable is that many of the issues identified had their impact mitigated by design, through mechanisms like API key access controls and strict CSP enforcement.
You can read the full Cure53 report here: