1. Jeff Nesler
  2. PowerBuilder
  3. Saturday, 28 July 2018 23:16 PM UTC

Does anyone know of any tools that might be able to analyze a Powerbuilder classic app for potential security vulnerabilities?  Sort of like an HP Fortify for native Powerscript?  I saw an answer to a similar question that it may be possible with certain types of targets that emit C# code, but nothing about doing a scan on a PB Classic app.

Are there any type of guidelines available for secure coding techniques in PB Classic?  Maybe like a Do's and Don'ts type of thing that could be provided to someone with less PB experience?

Thanks,

Jeff

Who is viewing this page
Christophe Dufourmantelle Accepted Answer Pending Moderation
  1. Saturday, 1 May 2021 10:19 AM UTC
  2. PowerBuilder
  3. # 1
3
Votes
Undo
Hi Jeff,
 
You can use Visual Expert to scan your PB/PowerScript code and detect security vulnerabilities.
 
If needed, you can run it as a job in a Continuous Integration workflow,
 
If you have some, you can also Oracle or SQL Server code, that will cover both front and back-end.
 
Regards,
Christophe
Comment
There are no comments made yet.
Roland Smith Accepted Answer Pending Moderation
  1. Wednesday, 1 August 2018 15:28 PM UTC
  2. PowerBuilder
  3. # 2
0
Votes
Undo

To secure a PB app your biggest task is to secure the database connection. The biggest vulnerability is sensitive data flowing over the network. Turn on connection encryption and get a network sniffer tool to make sure it isn't transmitting userid/password when connecting.

Comment
There are no comments made yet.
Jeff Nesler Accepted Answer Pending Moderation
  1. Wednesday, 1 August 2018 15:16 PM UTC
  2. PowerBuilder
  3. # 3
0
Votes
Undo

Thanks Chris, I didn't think there was anything out there strictly for Powerscript, but wanted to make sure.

Comment
There are no comments made yet.
Chris Pollach @Appeon Accepted Answer Pending Moderation
  1. Sunday, 29 July 2018 03:24 AM UTC
  2. PowerBuilder
  3. # 4
0
Votes
Undo

Hi Jeff;

   Correct ... for HP's Fortify you would need to have the App published in C#. That was possible in the PB 11.5 to 12.6 releases by creating a WinForm Target. Unfortunately in the newer PB's - the Winform feature has been deprecated. AFAIK - there are currently no security tools that work on Classic Apps.

  Hopefully, someone else may have found software that can check C++ code. If that were the case, then M-Code compilation might generate what you need. This MS toll might work ... https://www.microsoft.com/en-us/SDL/adopt/tools.aspx

HTH

Regards ... Chris

Comment
There are no comments made yet.
  • Page :
  • 1


There are no replies made for this question yet.
However, you are not allowed to reply to this question.