NordVPN has just announced that it has completed an application security audit undertaken by independent auditor VerSprite. The latter is a leading operational risk management and security consulting firm, which specializes in finding vulnerabilities, risks, and threats in application software.
“Our customers invested their trust in us, and we have a responsibility to live up to their expectations by providing quality service. We strongly believe that independent audits are necessary to keep high security standards,” says Laura Tyrell, Head of Public Relations at NordVPN. “VerSprite's goal was to see if we measure up to our claims, and the penetration test helped us to make our apps even better.”
What the NordVPN Audit Covered
The foundation of the VerSprite penetration testing methodology is based on simulating real-world attack scenarios and threats by a malicious actor. During the test, VerSprite auditors focused on breaching confidential user data, identifying high-impact vulnerabilities that could lead to IP leaks, and overall privilege escalation.
Data Breaches have resulted in billions of records containing names, email addresses and even credit card and social security numbers being compromised in 2019 alone. Learn more about the Largest Data Breaches in 2019.
NordVPN has undergone an Application Penetration Test, divided into three different phases. This first phase covered testing NordVPN's API endpoint and Clients Panel. During the second stage, VerSprite targeted the NordVPN mobile apps for iOS and Android. The last phase had the NordVPN desktop applications for Windows and macOS as the main targets.
“We are very pleased with the results — this audit made our apps even stronger. After the initial Application Penetration Test, our developer team followed the auditor's recommendations and implemented a few changes,” says Laura Tyrell, Head of Public Relations at NordVPN. “We're keeping our pledge and intend to regularly audit our service in the future to help verify our systems match the highest standard.”
It's not the first third-party audit of NordVPN's service. Last year, NordVPN completed an industry-first audit of its no-logs policy. It was performed by PricewaterhouseCoopers AG (Zurich, Switzerland) – a Big 4 auditing firm and one of the most dependable and capable auditors in the world.
NordVPN is a trusted online privacy and security solution, used by over 12 million internet users worldwide. The Panama-based company offers military-grade encryption with advanced privacy features and is recognized by the most influential tech sites and IT security specialists.
NordVPN is moving with confidence towards becoming an all-around cybersecurity solution. Earlier this year, the VPN service provider announced three new tools: NordPass, a new-generation password manager, NordLocker, a powerful file encryption tool, and NordVPN Teams, a new VPN solution for businesses, freelancers, and teams.
Visit the NordVPN site here.
You may also like: