VPN service provider, NordVPN completed penetration testing, performed by cybersecurity consulting and advisory services provider VerSprite. NordVPN stated that the company is pleased with the results and users can review the attestation letter from their User Control Panel and more detailed reports following later.
Simulating real-world attacks
VerSprite’s testing methodology simulates real-world attack scenarios and threats by using Process for Attack Simulation and Threat Analysis, or PASTA for short, which consists of a seven-stage process for manufacturing attacks and analyzing threats to the company’s environment. The auditor focused on breaching confidential user data, identifying high-impact vulnerabilities that could lead to IP leaks, and overall privilege escalation during the test. Daniel Markuson, a digital privacy expert at NordVPN said,
“During the test, VerSprite found no critical vulnerabilities. One vulnerability was given a high severity score, and the rest received a medium to low severity score. These vulnerabilities were mitigated for each platform in scope. This further proves NordVPN’s reliability and focus on user security, and addressing key security elements will help us keep the highest standards in the industry and improve even more. Independent audits are one of the necessary elements to maintaining high-security standards and ensuring that our users’ trust in us is well-founded.”