We’re proud to announce our successful completion of an independent secure code review performed by SecureIT, a leading cybersecurity and risk audit firm.
Due to the nature of the business, customers use Afi platform to handle a lot of data, and it’s critical that we keep it safe and adhere to the highest security standards. This independent review – combined with the regular penetration tests, SOC 2/3, customer-initiated audits, CSA STAR, Cyber Essentials and other certifications – underscores our strong commitment to product development, security and resiliency.
Completing an independent secure code review gives Afi’s customers additional evidence that we’re handling your data securely. Afi stands as one of the very few backup vendors that have made the significant investments necessary to undergo a comprehensive third-party secure code review.
Afi team run a detailed comparison to select a security provider with the best qualifications for the project. SecureIT stood out as the top security firm focused on analysis and independent validation, one of the largest FedRAMP assessors with a broad perspective on the best security strategies and the latest threat.
What Is a Secure Code Review?
The purpose of the independent secure code review was to assess the security of Afi's source code and identify any potential vulnerabilities or weaknesses that could be exploited.
SecureIT conducted a thorough manual assessment of potential weaknesses within the source code, encompassing all significant components of the application. The scope of the project included all Afi production code, which was tested for technical and logical security risks that could be exploited to compromise the confidentiality, integrity, and availability of customer data.
Why Does This Matter to You?
As a current or future customer of Afi, you can rest assured that our software and infrastructure adhere to stringent security standards, as outlined in the code review project report. While the SOC 2/3 audits we undergo annually are focused on Afi’s internal systems and processes, the secure code review independently validates that Afi’s code is free from coding flaws and vulnerabilities, uses up to data encryption, data sanitization and access control mechanisms.
The comprehensive secure code review reflects Afi’s long-term commitment to developing a secure and resilient service, gives you peace of mind and helps you mitigate risks. Data breaches can have serious effects on your business, that’s why choosing a trusted partner that maintains the highest levels of data protection is so important. We’re proud to provide that service to you.
Project Results and Report
SecureIT’s thorough and professional work has exceeded our expectations. While the review did not reveal any critical or high-risk vulnerabilities in our code, the detailed analysis and insightful recommendations provided by SecureIT helped us to improve the Afi security posture.
Having completed the project, the SecureIT team noted that Afi “demonstrated a commitment to industry best practices and secure coding principles in their codebase. This proactive approach to integrating security measures in accordance with established standards highlights the organization's dedication to constructing a robust and secure application”.
The project report is available for existing Afi customers and potential customers upon request.