[Owasp-leaders] How to test an AS/400 Interface
tonyuv at owasp.org
Mon Aug 27 18:56:45 UTC 2012
Code on an AS/400 is really not something that you can test easily with a
tool. Unfortunately, this type of platform is something that requires more
of a arhictectural review (assumming its a newer AS/400 that supports TCP/
IP over SNA connections. Also, it requires a heavy understanding of their
access control catalogs that may be in place, such as RACF2, ACF, Top
Secret, etc.I'm pretty certain that OWASP doesn't have anything that is
built for this, but doesn't mean it couldn't happen. AS/400s (in my
experience) haven't been widely pubished COM or web service endpoints that
are open for APIs to hit. They are very call and batch driven and is best
tested via a customized manual process. As with any app, checks and reviews
around logging, authentication, elevation of privs, access control,
cryptographic based security, superfluous accounts & services, etc provide
for a simple framework to develop test scripts for an AS400.
If you do find a tool however, would love to hear how successful it was in
identifyign security flaws.
*Atlanta Chapter President*
On Mon, Aug 27, 2012 at 11:47 AM, German Alonso Suárez Guerrero <
german.suarez at owasp.org> wrote:
> Hi everyone!
> I've got the following issue that someone asked me through the chapter
> mailing list: "How to audit and test source code with an OWASP tool in an
> AS/400 developed interface"
> I've really got no idea how to test with static code check an AS/400
> Do you know any supporting tool (it does not matter if it is open source
> or not) to test this code?
> Thank you in advance!
> German Alonso Suárez Guerrero
> OWASP Chapter Leader - Bogotá
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OWASP-Leaders