• The RSM Mainframe Penetration Testing service seeks to identify risks that exist in your IBM Z mainframe systems. This enables you to plan appropriate action to plug gaps, strengthen your defences, protect business critical operations and comply with industry standards.

  • World-class expertise to identify vulnerabilities and plan your response

    Understanding the risks

    Mainframe penetration testing and vulnerability testing are essential. Vulnerabilities come in two forms: infrastructure and software. Infrastructure vulnerabilities result from failings in hardware configuration, system configuration parameters and security system controls. Software vulnerabilities arise from poor design and coding standards in the z/OS operating system, Independent Software Vendor products and in-house coding. Such vulnerabilities can allow a basic user to gain access to any resources and data on the system, leading to the potential for serious breaches that can compromise both system and data.

     

  • Our technical skills and experience help you understand and mitigate those risks, revealing vulnerabilities and enabling remediation to be planned and prioritized. Deliverables include:

    Initial findings provided onsite

    Penetration Test Report issued within two weeks of onsite testing

    Optionally, a demonstration of one of the exploits discovered

    Client Checklist for recommended remediation activities

    RSM consultants meeting in-house personnel and/or ISVs to discuss vulnerabilities identified

  • Essential testing - made easy

    Under standard warranty terms and conditions, IBM puts responsibility for detection of vulnerabilities on its clients. Additionally, compliance with industry standards such as PCI, Sarbanes-Oxley and ISO standards requires that penetration testing be performed regularly.

    RSM's recommended 3-Phase Penetration Testing Process includes:

    Phase 1: Non-Disruptive Data Collection - our experts gather data including: IPL Parameters for current IPL; APF Authorised, Linklisted and LPA Datasets; JES Spool & Checkpoint Datasets; Page & SMF Datasets; IPLPARM & Parmlib Datasets; Hardware Configuration including IODF Datasets; ISPF Datasets (CLIST, REXX, etc.); and security information for all of the above (RACF, ACF2 & TSS).

    Phase 2: Mainframe Penetration Testing - our experts probe your mainframe environment intensively, determining if it's possible to elevate privileges, including: Library Access Checks, Password Checks, Public Dataset Checks, Public Resource Checks, User SVC Checks, MVS & JES2 / JES3 Command Authority Checks, RACF/TSS/ACF2 Exit Checks, JES2 / JES3 Spool Dataset Checks, MVS Subsystem Checks (IMS, DB2, CICS, NETView, etc.), MVS UNIX Environment Checks, and Miscellaneous Checks.

    Phase 3: Software Scan - working across your systems, a specialist vulnerability scanning software tool is deployed, using proprietary fuzzy logic technology to identify system integrity exposures found in Supervisor Call (SVC) Interfaces, Operating System Exits, Program Call (PC) Routines and Authorised Program Function (APF) calls - collecting code vulnerability data and generating a detailed report that lists vulnerabilities, enabling prompt and targeted remediation action.


  • Engaged by the audit partner of two large UK-based insurance companies, we perform regular mainframe penetration tests, revealing and risk assessing various issues, planning remediation and enabling these insurers to comply with regulatory requirements.

    Example Client Engagement

  • Want to find out more?

    To discover how RSM Penetration Testing can help your business

    Call: +44 (0)1527 837767

    Email our team and request our latest technology discussion paper

