IBM i (AS/400) penetration testing
The experts of Silent Signal have unique competence for security testing of IBM i (formerly AS/400) systems. Although these systems process critical business data, their security testing is typically skipped, or only superficial, due to their unusual operation. This trend is further strengthened by myths about “bulletproof” midrange systems.
Silent Signal's comprehensive IBM i audit service is based on its own lab environment, where our experts have developed audit methodology and testing tools that significantly go beyond publicly documented methods. With this unique approach, we have demonstrated critical vulnerabilities resulting from incorrect operation practices or bugs in the manufacturer's software (including “0-day” vulnerabilities).
Since real-world attacks often rely on compromised user workstations, penetration tests are best executed in the possession of low-privilege user credentials. From this “assumed breach” position, testers find ways to gain full control over the IBM i system. Based on the results of the penetration test, vulnerability fixes and mitigation measures can be applied to multiple layers of the system, providing robust protection against the assumed types of attackers.
Silent Signal’s team of skilled professionals has in-depth knowledge of IBM i systems, enabling them to identify and remediate vulnerabilities that pose a risk to an organization’s critical assets.
Building on our experience and a comprehensive approach, we have developed an enhanced (tools, methods) penetration testing methodology for IBM i systems that provides a thorough evaluation of the system’s security posture.
In-house security research lab
Silent Signal’s in-house security research on IBM i environments uncovers new attack vectors and identifies solutions to mitigate the risks they pose.
Request a consultation Download as PDF