Michelle Eggers, Security Consultant at NetSPI, executes penetration testing for a variety of client environments. After making a strong pivot from operations into proactive security, Michelle focuses on web application, mainframe, and network pentesting. In this video, recorded as a bonus session for IBM TechXchange, she discusses web application vulnerabilities and the z/OS environment.
Over the years, mainframe developers have seen fit to make almost everything a web app. From Abend Aid to z/OSMF, there’s no avoiding web apps on your mainframe. Even internally, as companies modernize their mainframes, they’re opening web APIs and web pages for other systems to consume, and the growing presence of web applications on mainframes introduces new risks. Unfortunately, the threats that exist for these web-based environments may be lurking in the shadows of the unexamined mainframe as well.
This video explores some well-established approaches to web app penetration testing methodology, covers several of the most frequently seen vulnerabilities, and discusses how these vulnerabilities could potentially lead to a compromise of the z/OS environment. The vulnerabilities covered in this talk are based on the OWASP Top 10 vulnerabilities, with a z/OS twist.
Open Mainframe Project content was featured at IBM TechXchange’s Community Day, which took place on October 21 in Las Vegas. Some of the other videos from Open Mainframe Project’s track at Community Day can be found here. Photos from the event can be found here.