Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: updated legacy mainframe app

from [David M. Zendzian] Network Security [Permanent Link]
Subject: Re: updated legacy mainframe app
Date: Tue, 25 Oct 2005 09:13:25 -0700
Think of it this way, what ever programming problems you put in front of your mainframe will expose your mainframe. So if .net or the code running in .net have bad code (input validation not checked, ...) then that will pass directly back to the mainframe and all of the controls on the mainframe will be bypassed because of the trust it will have with the frontend app.

The application control tests (i hope you mean within the code and externally through code review) will help a lot with your concerns, however since you can't control the code for .NET & AG communicator you should assume you can't trust anything going to-from those environments.

Good luck!
dmz

Gus Fritschie wrote:

Our organization is updating a legacy mainframe application to a GUI client-server application. On the mainframe EntireX Broker will be installed. The client software will include the following:

1) Microsoft .NET
2) Software AG Communicator run time
3) Compiled .NET code, dynamic link libraries, and EntireX client

My question is what control weaknesses could be introduced by this change and what tests would you recommend performing, besides basic application control tests.

Thanks!



------------------------------------------------------------------------------

Audit your website security with Acunetix Web Vulnerability Scanner:
Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------







------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: mac to ip address tools, Matt Bellizzi
Next by Date:  RE: Scanning Class A network, Talisker
Previous by Thread:  updated legacy mainframe app, Gus Fritschie
Next by Thread:  RE: FW: Merging .NBE, Josh Perrymon
Indexes:  [Date] [Thread] [Top] [All Lists]