wonderfully unique software solutions

RealVNC remote connectivity completes whitebox security audit

RealVNC remote access software for businesses has been validated in a whitebox security audit by Cure53, finding VNC Connect Remote Access service as having a strong and stable security posture.

According to RealVNC, Berlin-based IT security consultancy Cure53’s whitebox security audit is more in-depth than blackbox penetration testing, which the vendor commissions every year.

“Auditors have access to all of the source code, binaries and API/protocol documentation,” according to RealVNC’s announcement.

“Of the 38 vulnerabilities found across the range of software and services tested, 32 have been properly addressed, with the fixes confirmed by Cure53, while the other six were flagged as either false alerts or works-as-intended and evaluated as of lower risk.”

At the time of writing, RealVNC was the only remote connectivity provider of its type to undergo the whitebox testing so far, it claimed – pointing out that without such thorough testing, vendors could not be sure how secure their offering really is.

Cure53’s audit took 86 person-days and looked at VNC Server and VNC Viewer on Linux, Windows and Mac, VNC Viewer for iOS and Android, the VNC Connect management portal and backend services, it said.

RealVNC has said its secure remote access and management software is used by hundreds of millions of people worldwide, helping organisations cut costs and improve the quality of supporting remote devices and applications via desktop, mobile and embedded platforms.

Cure53 offers classic black-box penetration tests as well as white-box tests and code audits, incorporating languages from PHP, JavaScript, ActionScript, Java, Ruby, Python and Perl to web back-ends written in C++ and Delphi.

RealVNC, which is aiming at increasing channel sales, and also recently released a RealVNC Server for Mobile, is presenting on organisational vulnerability due to poor remote-access security this week at Infosec World 2022 in the USA.

( Photo by Christina @ wocintechchat.com on Unsplash )

Recent Articles

Arista warns SMBs to take precautions against edge threats

Arista Networks, the vendor of Arista Edge Threat Management (ETM) has warned that SMBs aren't always aware of the extent of targeting...

Instructure rolls out iWork update for Canvas LMS users on Apple

Learning management software company Instructure has taken the covers off an Apple iWork update for its Canvas learning management system (LMS).

E-learning player iSpring adds six integrations for its LMS platform

Customers of the iSpring Learn learning management system (LMS) can now connect to no less than six additional platforms with a view...

What’s new in JetBrains code analyser Qodana 2023.2

The code-quality platform Qodana, new from a cornucopia of JetBrains developer tools, now boasts server-side analysis integrated with the 2023.2 releases of...

N-able leads RMM field across multiple awards programmes

Remote monitoring and management (RMM) provider N-able has taken two more coveted titles for 2023, including a prestigious CRN award for the...

Related Stories

Leave A Reply

Please enter your comment!
Please enter your name here

Weirdware monthly - Get the latest news in your inbox