ExpressVPN aces three independent security audits
Not only has it been confirmed as the #1 best VPN on the market by our last round of testing, ExpressVPN also aced all the latest independent audits on its security infrastructure.
Two different cybersecurity firms, Cure53 and F-Secure respectively, were called to check all its desktop applications for any vulnerabilities. Specifically, Cure53 performed penetration tests and source code audits of its macOS and Linux apps. F-Secure carried on similar checks on the most recent version (v12) of its Windows client.
Despite finding some minor bugs, all the reports conclude that ExpressVPN is a safe choice to secure your most sensitive data against any cybersecurity threats.
‘No major issues and strong impressions gained’
“As a result of the absence of major issues and strong impressions gained during the audit, Cure53 can only confirm that the ExpressVPN team instills due diligence in its efforts against the many and varying threats that modern VPN applications tend to face,” concluded the auditing firm, praising the access and collaboration grant from the provider during the process.
As mentioned before, Cure53 performed white-box testing on ExpressVPN’s macOS and Linux apps between June and July 2022. These were aimed to check if users’ privacy is secured at all times.
In both cases, auditors could find only a handful of minor vulnerabilities with very little risk for users’ data.
Specifically, the macOS app review revealed only two minor security risks and four possible improvements. Check the full report results here.
> Our VPN testing results are in and you’ll absolutely guess who’s number one
> How to choose the right VPN for you – 9 key things to look out for
> Our pick of the best VPN services around right now
Likewise, the audit of its Linux apps uncovered two security vulnerabilities and three general weaknesses with lower exploitation potential.
“It needs to be stated clearly that this list of issues is very short, pointing to the overall good outcome of this testing round,” wrote Cure53.
At the same time, ExpressVPN developers claimed that these bugs have since then been reviewed.
After asking F-Secure to check the previous app’s version, the secure VPN provider decided to call the firm for another review on its latest Windows v12 in March.
Here, a mix of white-box and grey-box tests couldn’t identify any security weaknesses. Only a non-exploitable informational issue was found, but it has already been fixed and retested as solved a month later. Check the final report for more details.
“These audits are a testament to the efforts we put into improving and securing our product, and we’re glad to receive the validation from Cure53 and F-Secure,” said ExpressVPN penetration testing manager Brian Schirmacher.
“We’re committed to delivering audits on our mobile apps soon, and will continue to ensure privacy and security at every touchpoint of our product.”