wonderfully unique software solutions

RealVNC remote connectivity completes whitebox security audit

RealVNC remote access software for businesses has been validated in a whitebox security audit by Cure53, finding VNC Connect Remote Access service as having a strong and stable security posture.

According to RealVNC, Berlin-based IT security consultancy Cure53’s whitebox security audit is more in-depth than blackbox penetration testing, which the vendor commissions every year.

“Auditors have access to all of the source code, binaries and API/protocol documentation,” according to RealVNC’s announcement.

“Of the 38 vulnerabilities found across the range of software and services tested, 32 have been properly addressed, with the fixes confirmed by Cure53, while the other six were flagged as either false alerts or works-as-intended and evaluated as of lower risk.”

At the time of writing, RealVNC was the only remote connectivity provider of its type to undergo the whitebox testing so far, it claimed – pointing out that without such thorough testing, vendors could not be sure how secure their offering really is.

Cure53’s audit took 86 person-days and looked at VNC Server and VNC Viewer on Linux, Windows and Mac, VNC Viewer for iOS and Android, the VNC Connect management portal and backend services, it said.

RealVNC has said its secure remote access and management software is used by hundreds of millions of people worldwide, helping organisations cut costs and improve the quality of supporting remote devices and applications via desktop, mobile and embedded platforms.

Cure53 offers classic black-box penetration tests as well as white-box tests and code audits, incorporating languages from PHP, JavaScript, ActionScript, Java, Ruby, Python and Perl to web back-ends written in C++ and Delphi.

RealVNC, which is aiming at increasing channel sales, and also recently released a RealVNC Server for Mobile, is presenting on organisational vulnerability due to poor remote-access security this week at Infosec World 2022 in the USA.

( Photo by Christina @ wocintechchat.com on Unsplash )

Recent Articles

Hornetsecurity expands M365 cloud security offer with Vade deal

Cloud email security provider Hornetsecurity has added a partnership with Vade, increasing focus on answering data sovereignty requirements with best-in-class cloud, compliance...

Cross-browser testing provider BrowserStack named Microsoft ‘partner of choice’

Software testing platform provider BrowserStack has announced a strategic partnership with Microsoft to support Visual Studio App Center users transitioning to BrowserStack...

JetBrains rolls out full-line code completion for its IDEs

Developer tools company JetBrains has added to its AI-enablement tools with full-line code completion for its integrated development environments (IDEs), separate to...

OpenText renews X12 supply-chain data standards partnership

Enterprise information management (EIM) software vendor OpenText is renewing its partner licensing agreement with the X12 electronic data interchange (EDI) standards organisation.

LiveAction NPM performance extended for Cisco unified server users

Network intelligence from vendor LiveAction has been certified to work with high performance Cisco servers, increasing availability of its packet data and...

Related Stories

Leave A Reply

Please enter your comment!
Please enter your name here

Weirdware monthly - Get the latest news in your inbox