Overview / Services / Penetration testing

IBM i (AS/400) penetration testing

Demonstrate practically exploitable vulnerabilities of IBM i systems — including green screens and platform-specific services that generic tests skip.

The engagement

Real attacks, from a realistic attacker position.

The experts at Silent Signal have unique competence for security testing of IBM i (formerly AS/400) systems. These systems process critical business data, yet their security testing is typically skipped or only superficial because of their unusual operation — a trend reinforced by myths about "bulletproof" midrange systems.

Our comprehensive IBM i audit service is based on our own lab environment, where we have developed audit methodology and testing tools that go significantly beyond publicly documented methods. With this approach we have demonstrated critical vulnerabilities — including 0-day vulnerabilities — caused by incorrect operational practices or bugs in the manufacturer's software.

Because real-world attacks often rely on compromised user workstations, tests are best run from low-privilege user credentials. From this assumed-breach position, our testers find ways to gain full control of the IBM i system. The results let you apply fixes and mitigations across multiple layers, for robust protection against realistic attackers.

  • Demonstrate practically exploitable vulnerabilities, not theoretical findings.
  • Include "green screens" and other platform-specific services in scope.
  • Test the security of vendor-supplied, third-party and internally developed applications.

WHAT YOU LEAVE WITH

Not just a list of problems — a clear picture of your current posture, plus prioritised, practical remediation across system, application and configuration layers, mapped to attacker techniques. With iCompliant you then verify those fixes on your live systems and keep them in place, with no separate test environment.

Why Silent Signal

Capability you can't get from a generic pentest.

Hands-on experience

A team of skilled professionals with in-depth knowledge of IBM i systems, able to identify and remediate vulnerabilities that put critical assets at risk.

Unique methodology

An enhanced penetration testing methodology — tools and methods — built for IBM i, giving a thorough evaluation of the system's security posture.

In-house research lab

Continuous in-house research on IBM i environments uncovers new attack vectors and identifies the solutions that mitigate them.

Request more information → Download datasheet (PDF)

Get started

Find out what an attacker would find first.

Scope an assumed-breach IBM i penetration test with the team behind 15+ public CVEs.

Scope a penetration test