Mainframe Penetration Testing

Finding mainframe security experts is a challenge. As a result, mainframes are often passed over during security reviews, which increases the security risk to your business-critical infrastructure. NetSPI partners with one of the most qualified mainframe security experts to offer you the mainframe penetration testing service with the coverage you need.

Watch The Webinar: Why zOS Mainframe Security Matters

Improve IBM z/OS Mainframe System Security

While z/OS mainframe deployments are far more secure than other platforms, they still suffer from critical software and configuration vulnerabilities. Often, these vulnerabilities can be exploited via a simple REXX Exec, which presents significant risks to your company.

NetSPI’s mainframe security experts use a proven approach to mainframe penetration testing on IBM z/OS systems to identify security vulnerabilities that exist within your mainframe.

Mainframe Penetration Testing Service

During an onsite or remote pentest, our mainframe penetration testing experts test the following areas from multiple user perspectives to identify high-risk privilege escalation paths:

  • Library access checks
  • Password checks
  • Public dataset checks
  • Public resource checks
  • User SVC checks
  • MVS and JES2/JES3 command authority checks
  • RACF/TSS/ACF2 exit checks
  • ES2/JES3 spool dataset checks
  • MVS subsystem checks (IMS, DB2, CICS, NetView, etc.)
  • MVS UNIX environment checks
  • Miscellaneous checks

Why Do I Need Mainframe Penetration Testing?

Mainframe security vulnerabilities can lead to external or internal breaches of the existing security controls. Once breached, there is high risk of compromising the confidentiality, integrity, and availability of the mainframe’s systems or data.

IBM states that the detection of mainframe vulnerabilities is the responsibility of the client, according to the standard terms and conditions of IBM’s mainframe warranty. In addition, PCI DSS, Sarbanes Oxley, and ISO standards stipulate that penetration testing needs to be performed regularly.

icon
icon
icon
icon
icon
icon

Pentesting Research and Tools

Learn about penetration testing on our blog, our open source penetration testing toolsets for the infosec community, and our SQL injection wiki.

Need a Quote?
Common Questions
What is Penetration Testing as a Service (PTaaS)?

PTaaS is NetSPI’s delivery model for penetration testing. It enables customers to simplify the scoping of new engagements, view their testing results in real time, orchestrate faster remediation, perform always-on continuous testing, and more - all through the Resolve™ vulnerability management and orchestration platform. Learn More

Why should I use NetSPI?

We help organizations defend against adversaries by being the best at simulating real-world, sophisticated adversaries with the products, services, and training we provide. We know how attackers think and operate, allowing us to help our customers better defend against the threats they face daily.

How does NetSPI ensure quality results?

At NetSPI, we believe that there is simply no replacement for human-led manual deep dive testing. Our Resolve platform delivers automation to ensure our people spend time looking for the critical vulnerabilities that tools miss. We provide automated and manual testing of all aspects of an organization’s entire attack surface, including external and internal network, application, cloud, and physical security.

Our proven methodology ensures that the client experience and our findings aren’t only as good as the latest tester assigned to your project. That consistency gives our customers assurance that if vulnerabilities exist, we will find them.