VPN service provider NordVPN has completed a client security testing. VerSprite, a global leader in cybersecurity consulting and advisory services, conducted the penetration test. The results have pleased NordVPN.

NordVPN is a well-known online privacy and security service that is utilized by over 14 million people across the world. The Panama-based firm provides robust encryption and advanced privacy features, and is endorsed by the most authoritative tech blogs and IT security experts.

“During the test, VerSprite found no critical vulnerabilities. One vulnerability was given a high severity score, and the rest received a medium to low severity score. These vulnerabilities were mitigated for each platform in scope,” said Daniel Markuson, Digital Privacy Expert at NordVPN. “This further proves NordVPN’s reliability and focus on user security, and addressing key security elements will help us keep the highest standards in the industry and improve even more.”

Users can check the attestation letter in NordVPN’s User Control Panel while more thorough reports will be available later this week.

PASTA Technique

The foundation of VerSprite’s penetration testing approach is the use of PASTA to simulate real-world attack situations and threats (Process for Attack Simulation and Threat Analysis). The PASTA technique is a seven-stage methodology for creating assaults and assessing risks to the NordVPN environment in order to reduce risk and the business effect. VerSprite auditors focused on exposing private user data, detecting high-impact vulnerabilities that might result in IP leaks, and overall privilege escalation during the test.

This isn’t the first time NordVPN’s VPN service has been audited by a third party. NordVPN’s VPN services are regularly audited by a third party. NordVPN, for example, claims to have had the first audit of its no-logs policy in the business. PricewaterhouseCoopers AG (Zürich, Switzerland), a Big 4 auditing firm and one of the world’s most trustworthy and skilled auditors, was in charge of the audit.

VerSprite is a cybersecurity and operational risk management consulting firm that specializes in tracking high-profile threats, understanding security risks and their business implications, and strengthening cybersecurity postures.

NordVPN is a service provided by Nord Security. Nord Security is steadily progressing toward its goal of being an all-in-one cybersecurity solution. NordPass, a next-generation password manager; NordLocker, a strong file encryption tool; and NordVPN Teams, a new VPN solution for enterprises, freelancers, and teams, were all introduced in 2019.