AI Content Chat (Beta) logo

RELAYTO Penetration Test Report Summary

Penetration Scan Summary: RELAYTO Targets: api.relayto.com, relayto.com 21 August 2023  All clear No issues were discovered that could lead to or increase the chances of a breach. While this is a good position to be in today, new weaknesses are discovered daily, and changes are often made to systems that could reduce their security. Make sure to continue using ongoing security services to monitor your risk. 0 0 0 0 Critical High Medium Low issues issues issues issues Differences since last assessment New issues discovered Previous issues remediated Direction of travel 0 0 Critical Critical  0 0 0  0 High High 0 0  0 Medium Medium 0 0  0 Low Low 1 of 4

What we checked Total checks Targets Issues discovered 143,306 3 0 Here are some examples of what we checked your targets and their reachable webpages for. Vulnerable software & hardware Web Application Vulnerabilities   Web servers, e.g. Apache, Nginx Checks for multiple OWASP Top Ten issues Mail servers, e.g. Exim SQL injection Development software, e.g. PHP Cross-site scripting (XSS) Network monitoring software, e.g. Zabbix, Nagios XML external entity (XXE) injection Networking systems, e.g. Cisco ASA Local/remote file inclusion Content management systems, e.g. Drupal, Web server misconfigurations Wordpress Directory/path traversal, directory listing & unintentionally exposed content Other well-known weaknesses, e.g. 'Log4Shell' and 'Shellshock' Attack Surface Reduction Information Leakage   Our service is designed to help you reduce your attack Checks for information which your systems are surface and identify systems and software which do reporting to end-users which should remain private. not need to be exposed to the Internet, such as: This information includes data which could be used to assist in the mounting of further attacks, such as: Publicly exposed databases Administrative interfaces Local directory path information Sensitive services, e.g. SMB Internal IP Addresses Network monitoring software Encryption weaknesses Common mistakes & misconfigurations   Weaknesses in SSL/TLS implementations, such as: VPN configuration weaknesses 'Heartbleed', 'CRIME', 'BEAST' and 'ROBOT' Exposed SVN/git repositories Weak encryption ciphers & protocols Unsupported operating systems SSL certificate misconfigurations Open mail relays Unencrypted services such as FTP DNS servers allowing zone transfer 2 of 4

Scan Info Targets included in this scan api.relayto.com relayto.com Scan timings This scan ran from 2023-08-21 11:17:42 UTC to 2023-03-01 17:29:32 UTC. 3 of 4

About us Company Security Team Intruder Systems Ltd is an independent security advisory Our consultants have delivered work for government agencies, international financial company, specialising in providing continuous security monitoring for internet-facing web applications and institutions, and global retail giants. infrastructure. Credentials Compliance Our reports are ISO 27001 and SOC 2 Intruder is a member of CREST compliance ready. Contact Intruder is a CREST accredited Vulnerability Assessment service [email protected]  www.intruder.io Monitored by Drata for SOC 2 compliance  twitter.com/intruder_io  linkedin.com/company/intruder Intruder is a member of the Cyber-security Information Sharing Partnership Intruder is Cyber Essentials certified. 4 of 4