- Surfshark was independently tested using “real world” attack scenarios
- SecuRing found no critical vulnerabilities or high-risk issues
- A minor SSL/TLS configuration issue was identified and quickly resolved
Independent auditors have confirmed that the technical infrastructure behind Surfshark, which consistently ranks as a top contender in our best VPN guide, aligns with the highest security standards.
Conducted by third-party cybersecurity firm SecuRing, the comprehensive security assessment was designed to verify the resilience of Surfshark’s network against sophisticated real-world cyberattacks. The auditors were tasked with identifying potential weaknesses in the design, configuration and maintenance of servers that maintain the privacy of user data.
The results appear to vindicate Surfshark’s internal security protocols. SecuRing’s report confirmed that no critical vulnerabilities or high-risk issues were found that could impact user security. The tests also verified that the infrastructure has strong protection against the specific attack scenarios used during the evaluation.
Real world stress testing
For the average user, the “black box” nature of this audit is especially reassuring. Instead of inspecting the code with a guide to help them, the auditors attacked the system from the outside, just as a malicious hacker would.
Tomas Stamulis, chief security officer at Surfshark, explained that the tests mirrored real-world attack scenarios to simulate external attackers compromising the network. “It was done without privileged credentials, privileged information or special access,” he added.
The goal was to ensure that no stone was left unturned.
“With this, we wanted to ensure that unauthorized users cannot access our infrastructure, that customer data always remains protected, that our customers’ servers cannot be interrupted, that security configuration errors do not occur, and that potential weaknesses are detected immediately before they can be abused,” Stamulis said.
While no critical vulnerabilities or high-risk issues were found, the audit did uncover one area for improvement: a single minor SSL/TLS configuration issue. However, Surfshark confirmed that this was “resolved quickly.”
Transparency regarding minor fixes is often seen as a positive sign in the cybersecurity community, as no complex system is perfectly secure 100% of the time. The willingness to find, fix, and publish these minor bugs is what separates premium providers from the budget options that hide behind marketing jargon.
“Digital security is constantly under the radar of bad actors, and an independent audit examining our security systems is a crucial part of building trust and ensuring transparency, allowing us to identify and implement minor improvements,” Stamulis said.
Why is it important
This isn’t Surfshark’s first transparency rodeo. We previously covered how Surfshark confirmed its commitment to user privacy with a second log-free audit in June, proving that the provider does not store user data.
However, an infrastructure audit is a different beast. While a no-logs audit verifies that the company No spy on you, an infrastructure audit verifies that a third party not able break in to spy on you.
By inviting SecuRing to attack its systems without “special access,” Surfshark effectively tested its defensive capabilities.
This latest move aligns Surfshark with the broader industry trend toward “security through verification” rather than “security through trust.” Major competitors like NordVPN and ExpressVPN also conduct regular third-party testing to validate their claims.
For Surfshark, this specific infrastructure audit serves as tangible proof that its server network is not only fast, but hardened against intrusions.
“The successful completion of this infrastructure audit highlights, once again, that our systems align with the highest security standards, providing tangible evidence to our users that the services they use are protected,” concludes Stamulis.
Users who want to delve into the technical details can read the detailed version of SecuRing’s audit report here.
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
