RELAYTO Penetration Test Report Summary

Differences since last assessment Penetration Scan Summary: RELAYTO Targets: api.relayto.com, relayto.com 1 May 2025  All clear No issues were discovered that could lead to or increase the chances of a breach. While this is a good position to be in today, new weaknesses are discovered daily, and changes are often made to systems that could reduce their security. Make sure to continue using ongoing security services to monitor your risk. 0 Critical issues 0 High issues 0 Medium issues 0 Low issues New issues discovered 0 Critical 0 High 0 Medium 0 Low Previous issues remediated 0 Critical 0 High 0 Medium 0 Low Direction of travel  0  0  0  0 1 of 4

What we checked Here are some examples of what we checked your targets and their reachable webpages for. Total checks 143,306 Targets 3 Issues discovered 0  Vulnerable software & hardware Web servers, e.g. Apache, Nginx Mail servers, e.g. Exim Development software, e.g. PHP Network monitoring software, e.g. Zabbix, Nagios Networking systems, e.g. Cisco ASA Content management systems, e.g. Drupal, Wordpress Other well-known weaknesses, e.g. 'Log4Shell' and 'Shellshock'  Web Application Vulnerabilities Checks for multiple OWASP Top Ten issues SQL injection Cross-site scripting (XSS) XML external entity (XXE) injection Local/remote file inclusion Web server misconfigurations Directory/path traversal, directory listing & unintentionally exposed content  Attack Surface Reduction Our service is designed to help you reduce your attack surface and identify systems and software which do not need to be exposed to the Internet, such as: Publicly exposed databases Administrative interfaces Sensitive services, e.g. SMB Network monitoring software  Information Leakage Checks for information which your systems are reporting to end-users which should remain private. This information includes data which could be used to assist in the mounting of further attacks, such as: Local directory path information Internal IP Addresses  Encryption weaknesses Weaknesses in SSL/TLS implementations, such as: 'Heartbleed', 'CRIME', 'BEAST' and 'ROBOT' Weak encryption ciphers & protocols SSL certificate misconfigurations Unencrypted services such as FTP  Common mistakes & misconfigurations VPN configuration weaknesses Exposed SVN/git repositories Unsupported operating systems Open mail relays DNS servers allowing zone transfer 2 of 4

Scan Info Targets included in this scan api.relayto.com relayto.com Scan timings This scan ran from 2025-05-01 12:18:22 UTC to 2025-05-01 18:39:52 UTC. 3 of 4

About us Company Intruder Systems Ltd is an independent security advisory company, specialising in providing continuous security monitoring for internet-facing web applications and infrastructure. Security Team Our consultants have delivered work for government agencies, international financial institutions, and global retail giants. Credentials Intruder is a member of the Cyber-security Information Sharing Partnership Intruder is Cyber Essentials certified. Intruder is a member of CREST Intruder is a CREST accredited Vulnerability Assessment service Monitored by Drata for SOC 2 compliance Compliance Our reports are ISO 27001 and SOC 2 compliance ready. Contact  [email protected]  www.intruder.io  twitter.com/intruder_io  linkedin.com/company/intruder 4 of 4