Re: updated legacy mainframe app

From: David M. Zendzian (dmz@dmzs.com)
Date: Tue Oct 25 2005 - 12:13:25 EDT


Think of it this way: whatever programming problems you put in front of
your mainframe will expose your mainframe. So if .NET or the code
running in .NET has bad code (input validation not checked, ...) then
that will pass directly back to the mainframe and all of the controls on
the mainframe will be bypassed because of the trust it will have with
the frontend app.

The application control tests (I hope you mean within the code and
externally through code review) will help a lot with your concerns;
however, since you can't control the code for .NET & AG communicator you
should assume you can't trust anything going to-from those environments.

Good luck!
dmz

Gus Fritschie wrote:

> Our organization is updating a legacy mainframe application to a GUI
> client-server application. On the mainframe EntireX Broker will be
> installed. The client software will include the following:
>
> 1) Microsoft .NET
> 2) Software AG Communicator run time
> 3) Compiled .NET code, dynamic link libraries, and EntireX client
>
> My question is what control weaknesses could be introduced by this
> change and what tests would you recommend performing, besides basic
> application control tests.
>
> Thanks!


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:05 EDT