Mainframe Penetration Testing
Finding mainframe security experts is a challenge. As a result, mainframes are often passed over during security reviews, which creates risk to some of the business’s most critical infrastructure. NetSPI has partnered with one of the world’s most qualified mainframe security experts to offer mainframe penetration testing that provides the coverage you need.
Identify vulnerabilities in your IBM z/OS mainframe system
While the z/OS mainframe deployments can be far more secure than other platforms, they can still suffer from critical software and configuration vulnerabilities. These vulnerabilities often can be exploited via a simple REXX Exec, which presents significant risks to your company.
NetSPI partners with mainframe security experts who use a proven approach to mainframe penetration testing on IBM z/OS systems to identify security vulnerabilities that exist within your mainframe.
The NetSPI Difference
NetSPI delivers industry-leading penetration testing expertise and a vulnerability
management platform that makes penetration test results actionable.
Learn More arrow_forward
A collaborative team with experience and expertise produces the highest
quality of work
Our Mainframe Penetration Testing Service
During an onsite or remote pentest phase, our penetration testing experts will test the following areas from multiple user perspective to identify high risk privilege escalation paths:
- Library access checks
- Password checks
- Public dataset checks
- Public resource checks
- User SVC checks
- MVS & JES2/JES3 command authority checks
- RACF/TSS/ACF2 exit checks
- ES2 / JES3 spool dataset checks
- MVS subsystem checks (IMS, DB2, CICS,NetView, etc.)
- MVS UNIX environment checks
- Miscellaneous checks
What to know about mainframe penetration testing
Mainframe security vulnerabilities can lead to external or internal breaches of the existing security controls. Once breached, there is high risk of compromising the confidentiality, integrity, and availability of the mainframe’s systems or the data residing within.
IBM states that the detection of mainframe vulnerabilities is the responsibility of the client, according to the standard terms and conditions of IBM’s mainframe warranty. In addition, PCI, Sarbanes Oxley, and ISO standards stipulate that penetration testing needs to be carried out regularly.
Benefits of Penetration Testing
Pentest your applications to:
Meet network security testing requirements from a third party
Learn how to strengthen your network security program
Augment your team
Get a fresh set of eyes from penetration testing experts