Mainframe Hacking for CICS and Giggles

Presented at ShmooCon 2023, Jan. 22, 2023, 10 a.m. (60 minutes)

Mainframe systems continue to drive global economic activity despite the “legacy” label they are often given. In fact, mainframes are responsible for business-critical functions at 70 percent of Fortune 500 companies. If you have ever withdrawn cash at an ATM, done your taxes online, or booked a flight for your next holiday, you have likely interacted with a mainframe. As with all business-critical systems, ensuring they are secure is imperative. A core component of many mainframe shops is CICS, a platform for hosting transactional applications. CICS has been largely overlooked in previous talks, which tend to focus on the z/OS operating system itself. Attendees will learn how CICS applications work, how to adequately test and secure them, and the numerous vulnerabilities that exist in poorly developed CICS applications.


  • Jay Smith
    Jan Nunez and Jay Smith are security researchers for a Fortune 100 company, where they are primarily responsible for application security across web applications, thick clients, web services, and mainframe systems. Their research into CICS has uncovered several vulnerabilities in applications long thought to be secure, which has allowed them to improve both SAST and DAST processes and to develop testing methodologies that can be applied to all CICS applications.
  • Jan Nunez
