ExpressVPN applies three independent security checks
It’s not just confirmed as number 1 Best VPN on the market by our last round of testing, ExpressVPN also performed all the latest independent audits of its security infrastructure.
Two different cybersecurity companies, Cure53 and F-Secure, were called to test all of their desktop applications for vulnerabilities. Specifically, Cure53 performed penetration tests and examined the source code of its macOS and Linux applications. F-Secure conducted the same test on the most recent version (v12) of the Windows client.
Despite finding some minor bugs, all reports concluded that ExpressVPN is the safe choice to secure your most sensitive data against any cyber security threats.
Furthermore, these impressive results come just weeks after both its privacy policy and server technology obtain consent from independent auditors.
And as part of our uncompromising approach to your digital privacy and security needs, we conducted not one but three successful external audits to support our privacy statements. Why three? …November 9, 2022
‘No big deal and a strong impression was achieved’
“Due to the absence of major issues and strong impressions obtained during testing, Cure53 can only confirm that the ExpressVPN team required due diligence in an effort to combat various threats that modern VPN Applications tend to be face-to-face,” the audit firm concluded, praising the vendor’s accessibility and collaboration in the process.
As mentioned before, Cure53 has implemented white box testing on ExpressVPN’s macOS and Linux apps between June and July 2022. These apps are intended to check that user privacy is secure at all times.
In both cases, the auditor can find only a small number of vulnerabilities with very little risk to the user’s data.
Specifically, the macOS app review revealed only two minor security risks and four possible improvements. Check the full report result here (opens in a new tab).
Likewise, testing of Linux applications discovered two security vulnerabilities and three common weaknesses with lower exploitability.
“It should be made clear that this list of problems is very short, only for the overall good results of this round of testing.” wrote Cure53.
At the same time, the ExpressVPN developers stated that these bugs have since been reviewed.
After asking F-Secure to check the version of the previous application, Secure VPN The vendor decided to call the company for another review of their latest Windows v12 in March.
Here, a combination of white box and gray box tests failed to identify any security weaknesses. Only one untapped information issue was found, but it was fixed and retested as resolved a month later. Test year-end report (opens in a new tab) For more details.
ExpressVPN’s director of penetration testing Brian Schirmacher said: “These tests are a testament to the efforts we’ve made to improve and secure our product, and we’re pleased to receive the confirmation. received from Cure53 and F-Secure”.
“We’re committed to testing our mobile apps soon, and will continue to ensure privacy and security at every touchpoint with our products.”