Penetration Testing mailing list archives

Re: updated legacy mainframe app


From: "David M. Zendzian" <dmz () dmzs com>
Date: Tue, 25 Oct 2005 09:13:25 -0700

Think of it this way: whatever programming problems you put in front of your mainframe will expose your mainframe. So if .NET or the code running in .NET has bad code (input validation not checked, ...) then that will pass directly back to the mainframe and all of the controls on the mainframe will be bypassed because of the trust it will have with the frontend app.

The application control tests (I hope you mean within the code and externally through code review) will help a lot with your concerns; however, since you can't control the code for .NET & AG Communicator, you should assume you can't trust anything going to-from those environments.

Good luck!
dmz

Gus Fritschie wrote:

Our organization is updating a legacy mainframe application to a GUI client-server application. On the mainframe EntireX Broker will be installed. The client software will include the following:

1) Microsoft .NET
2) Software AG Communicator run time
3) Compiled .NET code, dynamic link libraries, and EntireX client

My question is what control weaknesses could be introduced by this change and what tests would you recommend performing, besides basic application control tests.

Thanks!


