{"id":18405,"date":"2021-08-23T08:31:08","date_gmt":"2021-08-23T06:31:08","guid":{"rendered":"https:\/\/www.usd.de\/?page_id=18405"},"modified":"2025-12-11T11:48:53","modified_gmt":"2025-12-11T10:48:53","slug":"pentest-mainframe","status":"publish","type":"page","link":"https:\/\/www.usd.de\/en\/pentest\/pentest-mainframe\/","title":{"rendered":"Pentest Mainframe"},"content":{"rendered":"<h1 class=\"x-text-content-text-primary\" style=\"text-align: center\">Pentest Mainframes<\/h1>\n<p style=\"text-align: center\">Protect Your Systems and Applications<\/p>\n<p>In industries such as finance and insurance, airlines or retail, large volumes of sensitive data must be processed on a regular basis. Because mainframe solutions are particularly powerful, they remain the preferred choice, especially in these industries. In addition, mainframes and their operating systems, such as z\/OS or AS\/400 (System i), are generally considered to be particularly robust and secure. But even here, errors in development as well as in configuration and operation can lead to vulnerabilities with consequences that threaten the very existence of companies. For this reason, mainframe solutions should also be subjected to regular technical security checks.<\/p>\n<h3>Did you know?<\/h3>\n<p>Standards such as PCI and ISO as well as the regulatory requirements of the German Federal Financial Supervisory Authority (BAIT, KAIT, ZAIT) require regular penetration tests of the mainframe. In addition, IBM's standard warranty terms and conditions make vulnerability detection the client's responsibility.<\/p>\n<h2>How Does usd AG Support You with Mainframe Pentests?<\/h2>\n<p>We combine expert knowledge in the configuration and operation of mainframes with years of experience in security analysis and penetration testing (pentesting).<\/p>\n<p>Using a combination of greybox pentest, code review and security audit, we identify critical vulnerabilities on the mainframe and in the applications running on it that can be exploited, for example, for unauthorized access or privilege escalation.<\/p>\n<h3>Common vulnerabilities include:<\/h3>\n<ul>\n<li>Faulty identity and access management<\/li>\n<li>Use of default passwords and weak password management<\/li>\n<li>Incorrect database configurations<\/li>\n<\/ul>\n<h2>How Does usd AG Approach Mainframe Penetration Testing?<\/h2>\n<p>The test consists of 3 phases:<\/p>\n<h3>Phase 1: Preparation and scoping<\/h3>\n<p>In the run-up to the pentest, our security analysts coordinate with the responsible contact persons from your company on the specific scope, the test content, the schedule and your obligations to cooperate.<\/p>\n<h3>Phase 2: Mainframe pentests on configuration and hardening levels<\/h3>\n<p>Gathering information on, among other things:<\/p>\n<ul>\n<li>the PL parameters for the current IPL, the APF authorization, the Linklist and LPA data sets, the JES spool &amp; checkpoint data sets, the page &amp; SMF data sets, and the IPLPARM &amp; Parmlib data sets,<\/li>\n<li>the hardware configuration, including the IODF data sets and the ISPF data sets (CLIST, REXX, etc.),<\/li>\n<li>the security systems or ESMs (e.g. RACF, ACF2 &amp; TSS) for all previously mentioned data sets.<\/li>\n<\/ul>\n<p>Review of configuration and hardening<\/p>\n<p>Our analysts perform a comprehensive analysis of your mainframe environment. The following reviews are included:<\/p>\n<ul>\n<li>Review of privileged users (e.g. SPECIAL, NON-CNCL, UID(0)) as well as critical data sets (e.g. LINKLIB, PARMLIB, LPA, APF, JES2 \/ JES3 spool)<\/li>\n<li>Checks for privilege escalation, e.g. by exploiting Authorized Program Facility (APF) libraries or via Network Job Entry (NJE)<\/li>\n<li>Checks of public resources, user SVCs, MVS &amp; JES2 \/ JES3 command authority, RACF\/TSS\/ACF2 exits, MVS subsystems (IMS, Db2, CICS, NetView, etc.) and the MVS UNIX environment<\/li>\n<li>Examination of access rights, e.g. for RACF databases, as well as the RACF PassTicket functionality<\/li>\n<\/ul>\n<h3>Phase 3: Pentest of mainframe applications<\/h3>\n<p>Our analysts test applications for security-critical malfunctions in the application logic, in access to the (operating) system, and in the interpretation and provision of data. During the pentest, they use various test procedures depending on the application to be tested.<\/p>\n<p>These include, among others, the following tests:<\/p>\n<ul>\n<li>Analysis of application behavior with modified input values (manually and by fuzzing) to identify weaknesses in system integration<\/li>\n<li>Analysis of the transfer of sensitive information between frontend and backend<\/li>\n<li>Review of interfaces for secure interpretation of processed information and secure serialization of provided information<\/li>\n<li>Identification and exploitation of unsecured administration interfaces (exploitation takes place only after consultation or approval)<\/li>\n<li>Investigation of application-specific permissions in RACF<\/li>\n<\/ul>\n<h2>Are Your Systems Protected Against Attackers?<\/h2>\n<p><span>We are happy to discuss your options for having your systems and applications analyzed by our security analysts. Feel free to contact us.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Pentest Mainframes: Protect Your Systems and Applications. In industries such as finance and insurance, airlines or retail, large volumes of sensitive data must be processed on a regular basis. Because mainframe solutions are particularly powerful, they remain the preferred choice, especially in these industries. 
In addition, mainframes and their operating systems, such as [&hellip;]<\/p>\n","protected":false},"author":96,"featured_media":18446,"parent":40183,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"","_et_gb_content_width":"","inline_featured_image":false,"footnotes":""},"class_list":["post-18405","page","type-page","status-publish","has-post-thumbnail","hentry"],"_links":{"self":[{"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/pages\/18405","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/users\/96"}],"replies":[{"embeddable":true,"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/comments?post=18405"}],"version-history":[{"count":4,"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/pages\/18405\/revisions"}],"predecessor-version":[{"id":62962,"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/pages\/18405\/revisions\/62962"}],"up":[{"embeddable":true,"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/pages\/40183"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/media\/18446"}],"wp:attachment":[{"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/media?parent=18405"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}