wonderfully unique software solutions

RealVNC remote connectivity completes whitebox security audit

RealVNC remote access software for businesses has been validated in a whitebox security audit by Cure53, finding VNC Connect Remote Access service as having a strong and stable security posture.

According to RealVNC, Berlin-based IT security consultancy Cure53’s whitebox security audit is more in-depth than blackbox penetration testing, which the vendor commissions every year.

“Auditors have access to all of the source code, binaries and API/protocol documentation,” according to RealVNC’s announcement.

“Of the 38 vulnerabilities found across the range of software and services tested, 32 have been properly addressed, with the fixes confirmed by Cure53, while the other six were flagged as either false alerts or works-as-intended and evaluated as of lower risk.”

At the time of writing, RealVNC was the only remote connectivity provider of its type to undergo the whitebox testing so far, it claimed – pointing out that without such thorough testing, vendors could not be sure how secure their offering really is.

Cure53’s audit took 86 person-days and looked at VNC Server and VNC Viewer on Linux, Windows and Mac, VNC Viewer for iOS and Android, the VNC Connect management portal and backend services, it said.

RealVNC has said its secure remote access and management software is used by hundreds of millions of people worldwide, helping organisations cut costs and improve the quality of supporting remote devices and applications via desktop, mobile and embedded platforms.

Cure53 offers classic black-box penetration tests as well as white-box tests and code audits, incorporating languages from PHP, JavaScript, ActionScript, Java, Ruby, Python and Perl to web back-ends written in C++ and Delphi.

RealVNC, which is aiming at increasing channel sales, and also recently released a RealVNC Server for Mobile, is presenting on organisational vulnerability due to poor remote-access security this week at Infosec World 2022 in the USA.

( Photo by Christina @ wocintechchat.com on Unsplash )

Recent Articles

Keeper Security finds multiple weekly cyberattacks on UK professional services

The IT systems of UK-based professional services and financial services providers are often attacked many times each week, according to a Keeper...

JetBrains previews new IntelliJ based Fleet IDE and editor

Developer tools company JetBrains has opened up public preview access to its Fleet integrated development environment (IDE) and editor.

Go beyond identifying known cyber threats ahead of Industry 5.0

Cybersecurity vendor Stormshield has warned that identifying unknown and future threats has become increasingly crucial for effective enterprise defences.

Bluebeam Revu eased redesign of historic West End arcade

Construction project software from Bluebeam has helped a contractor renovate an historic stone building near London's Piccadilly Circus. According...

Europe’s CoreView named a SaaS operations management leader

Microsoft 365 management specialist CoreView has been named a key Europe-based player this year in a research update of SaaS operations management...

Related Stories

Leave A Reply

Please enter your comment!
Please enter your name here

Weirdware monthly - Get the latest news in your inbox