twocents Completes Its First Cybersecurity Audit
When we say privacy matters, we mean it.
That's why we recently had twocents audited by AIKOCorp, an AI-first penetration testing company.
After a deep dive into our systems, AIKO uncovered no vulnerabilities that could reveal identities, compromise privacy, or leak any kind of financial data. AIKO did find minor bugs in our API (such as users setting an arbitrary location) but we promptly addressed these bugs and confirmed they were patched less than a day later.
From our Letter of Attestation:
Two Cent Software, Inc. sought to perform this assessment as part of their security due diligence and wanted a review of their application and ways in which their users or malicious actors may be able to bypass the security mechanisms that have been implemented to protect the data processed by the application.
The penetration test was conducted in accordance with industry-standard methodologies such as OWASP WSTG, OWASP ASVS, and OWASP Top-10.
The penetration test was primarily conducted by our specialized AI for penetration testing, with an experienced penetration tester (OSCP and OSWE certified) overseeing the process to ensure comprehensive coverage. This approach enabled thorough analysis of Two Cent Software, Inc.'s application and identification of attack vectors that pose significant risk to their business. All findings were methodically reviewed afterwards.
Two Cent Software, Inc. demonstrated strong commitment to security by promptly addressing the identified vulnerabilities. A follow-up assessment confirmed successful remediation of all findings.
At twocents it’s a top priority to keep your data secure, so we wanted to let you, our early users, know that we’ll always have your back (and put our money where our mouth is, literally).
Bottom line: your information is safe. And we’ll keep it that way.
Learn more about our privacy policy and terms of service here:
P.S. It was a delight working with AIKOCorp, and we strongly recommend giving them a shot if you're looking to audit your own applications (they didn't pay me to say this).
Thanks for reading,
Andi