Security

ExpressVPN Completes In-Depth Audit & Penetration Testing Done by F-Secure

By Novak Bozovic / March 23, 2022

Being one of the first VPNs to have had implemented regular audits, ExpressVPN is trusted by millions around the world. As per our team’s opinion (and hands-on testing, of course), it’s one of the best VPNs available today, but that doesn’t stop ExpressVPN from proving its privacy- and security-related claims. 

ExpressVPN has announced the results of its latest audit after having commissioned F-Secure to do penetration testing of its Windows app. Aside from testing its software internally (led by Aaron Engel, ExpressVPN’s Head of Cybersecurity), ExpressVPN engages independent cyber-sec experts to provide extensive insight into ExpressVPN’s privacy-protecting measures and validate the accuracy of its claims.

The latest audit included penetration testing of ExpressVPN’s application for Windows. The assessment was conducted from November to December 2021 with the purpose of identifying security weaknesses with a direct effect on the confidentiality and integrity of systems and data. 

During the assessment, F-Secure’s cybersecurity team discovered one ‘Low’ severity issue and five ‘Informational’ observations. It’s important to mention that no ‘Critical,’ ‘Medium,’ or ‘High’ severity issues were found, which means that ExpressVPN’s Windows app is as secure as the team behind this VPN claims. 

A retest assessment was done in February 2022, prompting F-Secure to conclude that all of the previously identified weaknesses have been resolved. In other words, ExpressVPN’s team has implemented the required changes to its Windows app, making it even more secure than before. 

We’ll also add that F-Secure’s audit of ExpressVPN’s Windows app comes after a series of similar audits done during the last couple of years. In the past, cyber-security companies such as PwC and Cure53 were commissioned, conducting in-depth audits and proving that ExpressVPN has always had a high-end security infrastructure.  

Lastly, we’d like to remind you that ExpressVPN was acquired by Kape Technologies in September 2021. This latest audit is another reassurance that the VPN continues to operate under the new owner without any changes to its infrastructure and policies.

The VPN’s team also tells us that more audits will be done in 2022, including on all of their client apps, core technology, and privacy policy.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari