Want to improve the security of your ecommerce website?

Learn how

Our code was audited by the Synacktiv ninja team and it went well

We are a security company. Our goal is to help our community members secure their assets. But one of our core values is to drink our own champagne and walk the talk. So, a few months ago, we asked Synacktiv to perform a code review on the CrowdSec agent.

The tests were performed using a white-box approach and the source code of CrowdSec was fetched from our official GitHub repository. The objectives of these tests were to identify vulnerabilities and associated risks, exploit them and list remediations that will improve the security level of the application.

We are happy to share that the conducted assessment revealed an excellent security level. In a nutshell:

  • No compromise scenarios have been identified
  • The attack surface of the component is well controlled and offers extremely limited possibilities to attackers
  • The overall code quality is high and technologies used, combined with a fine software architecture, offer a great general security level.

Some issues were spotted but none of them were considered having a high overall severity and were fixed throughout the assessment.

The full report can be downloaded here.

“Synacktiv appreciated the great reactivity and availability of the CrowdSec team all along the audit performed on its agent. Linked to the absence of critical findings, it demonstrates CrowdSec engagement in securing source code deployed to its users infrastructure.”

Renaud Dubourguais, COO and head of the pentest team @ Synacktiv

This assessment is only one of the steps of the security review campaign that we have launched since day 1 in order to keep improving the security of our solution and ensure maximum safety to our community. Stay tuned for more news on the matter.

About Synacktiv

Synacktiv is a French company, founded in 2012 by 2 cyber security experts and specialized in offensive security. They help companies assess and strengthen the security of their systems and assets and ambition to become the French reference in their field. Their team is fully composed of digital ninjas.

You may also like

crowdsec and suse partnership
Announcement

CrowdSec on SUSE: Enhancing Security with Collaborative Defense

Protect SUSE Linux with CrowdSec’s community-driven Security Engine, open source, behavior-based threat detection with real-time crowdsourced intelligence.

Introducing the New CrowdSec and BunkerWeb Integration
Announcement

Introducing the New CrowdSec and BunkerWeb Integration

We are thrilled to welcome BunkerWeb into the CrowdSec Network and together strengthen collaborative open security for both our communities.

Revolutionizing Security Analysis with CrowdSec and Microsoft Copilot for Security
Announcement

Revolutionizing Security Analysis with CrowdSec and Microsoft Copilot for Security

We are announcing the CrowdSec CTI and Microsoft Copilot for Security integration, which signals a new era of collaborative and intelligent security operations.