Mainframe penetration testing

Finding mainframe security experts is a challenge. As a result, mainframes are often passed over during security reviews, which increases the security risk to your business-critical infrastructure. NetSPI’s mainframe penetration testing is led by one of the most qualified mainframe security experts, who brings valuable insight into your LPAR security and provides actionable guidance on how to improve your mainframe security and help meet compliance requirements.

What does NetSPI test for?

Our testing approach is based on NIST Special Publication 800-53, PCI DSS, IBM recommendations, the MITRE ATT&CK framework, and other industry best practices. Our mainframe penetration testing experts offer four types of testing:

Blackbox (unauthenticated) testing

  • Network service discovery
  • Vulnerability discovery and verification
  • VTAM/SNA discovery
  • Logical unit enumeration
  • Application ID discovery
  • TN3270 application testing
  • Web application testing
  • Password auditing
  • Network job entry

Presumed breach (authenticated) testing

  • Automated vulnerability discovery
  • RACF/TopSecret/ACF2 testing
  • Vulnerability verification and exploitation
  • Offline password auditing
  • APF authorization privilege escalation
  • TSO, JES2, and UNIX System Services testing
  • SVC privilege escalation

CICS application testing

  • Tests for common application vulnerabilities
  • CICS transaction review/testing/exploitation
  • AID testing
  • BMS testing
  • CICS web application testing
  • CICS API testing

CICS region testing

  • Check for common CICS region misconfigurations
  • Enumerate/brute-force transaction IDs
  • Test access to critical transactions
  • Password auditing

You deserve The NetSPI Advantage

Security experts

  • 250+ pentesters
  • Employed, not outsourced
  • Domain expertise

Intelligent process

  • Programmatic approach
  • Strategic guidance
  • Delivery management team

Advanced technology

  • Consistent quality
  • Deep visibility
  • Transparent results