September 20, 2021
NEERE passes Penetration Test and
BETA CAE Systems engaged NCC Group to perform a web application penetration test to assess whether NEERE is secure in handling sensitive data, as well as to ensure it neither allows unauthorised access nor contains other security related issues.
NCC declares that the NEERE web application was overall well designed with no high risk or critical findings. Any lower risk issues uncovered during the assessment can be mitigated as part of a defense-in-depth approach; nevertheless, it is reported that they are highly unlikely to pose a threat in a realistic scenario.
The backend VNC server was found adequately hardened with sufficient file permissions, which do not allow for privilege escalation attacks. In combination with the tight network controls in place, the likelihood of a successful attack is considered very low.
The respective documentation by NCC Group can be made available, to authorized stakeholders, upon request.
Read all about the Data and Systems Security offerered by neere.