updated legacy mainframe app

From: Gus Fritschie (gfritschie_at_hotmail.com)
Date: 10/25/05

    To: pen-test@securityfocus.com
    Date: Tue, 25 Oct 2005 10:26:04 -0400
    
    

    Our organization is updating a legacy mainframe application to a GUI
    client-server application. On the mainframe EntireX Broker will be
    installed. The client software will include the following:

    1) Microsoft .NET
    2) Software AG Communicator run time
    3) Compiled .NET code, dynamic link libraries, and EntireX client

    My question is what control weaknesses could be introduced by this change
    and what tests would you recommend performing, besides basic application
    control tests.

    Thanks!
