Cryptocat allows users to engage in encrypted chats within a browser.
Several audits have been conducted for Cryptocat.
Cryptocat Security Audit
This report summarizes the security flaws identified in the application using manual security analysis techniques, useful for understanding the overall security quality of this application or for comparisons between applications.
The full report can be at the end of this page.
Cryptocat Security Report
This audit, completed by Veracode, contains a summary of the security flaws identified in Cryptocat using automated static, automated dynamic, and manual security analysis techniques. This method is useful for understanding the overall security quality of Cryptocat.
The full detailed audit is available at the end of this page.
Cryptocat Public Penetration Test (2012)
During the testing, the Cryptocat’s 2 source code was analyzed and audited. The code was specifically monitored for concatenation patterns, suspicious function calls, string-to-code sinks, DOMXSS sources and implementation flaws in cryptographic protocols used (Multiparty Protocol Specification, OTR).
The full audit and summary of findings can be found at the end of this page.
Cryptocat Security Audit (Veracode)