The audit was carried out in April 2021 by a Berlin-based IT security consultancy Cure53

Cybersecurity company Surfshark has undergone a third-party security audit of its VPN server infrastructure. The investigation performed by Cure53 confirmed a solid security premise of Surfshark. The report points out that despite extensive research and wide coverage of a plethora of possible risks, no serious issues were detected.

The scope of the evaluation included a server configuration audit and a broader security assessment. The final audit report highlights that all of the security-related findings resided in the realm of general weaknesses while subsequently implemented fixes were verified as appropriate.

"Having a secure network of thousands of servers is a big responsibility, so we needed to have an independent expert opinion on how we're doing. We made sure to quickly react to all the recommendations so today we can be even more confident of delivering on the security our customers expect," says Chief Executive Officer of Surfshark Vytautas Kaziukonis.

The audit report states that the Surfshark network relies on sound defaults while the configuration of constructs and cipher-suites show engineers' diligence and attention to details. Researchers made only four security-relevant discoveries, and Surfshark engineers handled those before the publication of the results.

"The overall outcome should be regarded as very good, and the testing team has no doubt that the Surfshark maintainers have a clear understanding of security and privacy challenges associated with being a VPN provider," concludes the report published by the Cure53 research team.

A detailed audit summary report provided by Cure53 can be found at https://surfshark.com/blog/surfshark-server-infrastructure-undergoes-independent-audit.