Product Penetration Testing

Our mainframe security consultants use a proven methodology to pen test vendor products, checking them for vulnerabilities, scanning source code, reviewing installation and customisation documents, and reviewing architecture documents – revealing vulnerability or configuration issues and other potential routes for cyberattack.

With mainframe product pen testing an increasingly important requirement, ISVs and end users want assurances from a trusted third party that products are as secure as they can be. We provide that expertise.

Focusing on product specifics, we examine them through the eyes of a hacker: looking at code and the underlying security model, as well as z/OS component testing, and network configuration if relevant.

Our insights and recommendations can help you to ensure your products are not the weak link in the chain.

Vertali people have more experience working with more vendor products in more mainframe settings than any other provider. Organizations trust us to provide an objective view of risks and how they can be mitigated.

The Vertali process

  • Code Review: examining product code for exploitable SVCs, potential vulnerabilities and weaknesses in cross-system functionality, along with examining the underlying security model.
  • z/OS Component Testing: reviewing structure and configuration, testing for exploitable vulnerabilities.
  • Network Configuration: reviewing network set-up for potential security weakness that could be exploited – this is only tested if the product has a network related aspect.
  • Report Generation: detailed findings explaining the code reviewed, identified vulnerabilities, recommendations for remediation and any other observations, together with an attestation letter and test summary.

No specific tooling needs to be installed for a Vertali product pen test. Initial data gathering, testing, analysis and report generation are generally performed remotely. No test data is transferred offsite, with the assessment report held on encrypted media with restricted access.

Related Case Studies

Explore Security

Security Assessment/Audit Remediation

Cyber Resiliency

Mainframe Penetration Testing

Mainframe Security Assessment

Application Penetration Testing

Vulnerability Scanning

Get in touch

If  you have any questions or would like to know more about Vertali, please enter your details below and a member of our team will get back to you.

Back To Top

Based on your location, we think you may prefer the Vertali APAC site where you’ll get regional content, offerings and contacts.

APACVertali APAC Vertali Global

Dismiss