1. Jeff Nesler
  2. PowerBuilder
  3. Saturday, 28 July 2018 23:16 PM UTC

Does anyone know of any tools that might be able to analyze a Powerbuilder classic app for potential security vulnerabilities?  Sort of like an HP Fortify for native Powerscript?  I saw an answer to a similar question that it may be possible with certain types of targets that emit C# code, but nothing about doing a scan on a PB Classic app.

Are there any type of guidelines available for secure coding techniques in PB Classic?  Maybe like a Do's and Don'ts type of thing that could be provided to someone with less PB experience?



Christophe Dufourmantelle Accepted Answer Pending Moderation
  1. Saturday, 1 May 2021 10:19 AM UTC
  2. PowerBuilder
  3. # 1
Hi Jeff,
You can use Visual Expert to scan your PB/PowerScript code and detect security vulnerabilities.
If needed, you can run it as a job in a Continuous Integration workflow,
If you have some, you can also Oracle or SQL Server code, that will cover both front and back-end.
There are no comments made yet.
Roland Smith Accepted Answer Pending Moderation
  1. Wednesday, 1 August 2018 15:28 PM UTC
  2. PowerBuilder
  3. # 2

To secure a PB app your biggest task is to secure the database connection. The biggest vulnerability is sensitive data flowing over the network. Turn on connection encryption and get a network sniffer tool to make sure it isn't transmitting userid/password when connecting.

There are no comments made yet.
Jeff Nesler Accepted Answer Pending Moderation
  1. Wednesday, 1 August 2018 15:16 PM UTC
  2. PowerBuilder
  3. # 3

Thanks Chris, I didn't think there was anything out there strictly for Powerscript, but wanted to make sure.

There are no comments made yet.
Chris Pollach @Appeon Accepted Answer Pending Moderation
  1. Sunday, 29 July 2018 03:24 AM UTC
  2. PowerBuilder
  3. # 4

Hi Jeff;

   Correct ... for HP's Fortify you would need to have the App published in C#. That was possible in the PB 11.5 to 12.6 releases by creating a WinForm Target. Unfortunately in the newer PB's - the Winform feature has been deprecated. AFAIK - there are currently no security tools that work on Classic Apps.

  Hopefully, someone else may have found software that can check C++ code. If that were the case, then M-Code compilation might generate what you need. This MS toll might work ... https://www.microsoft.com/en-us/SDL/adopt/tools.aspx


Regards ... Chris

There are no comments made yet.
  • Page :
  • 1

There are no replies made for this question yet.
However, you are not allowed to reply to this question.
We use cookies which are necessary for the proper functioning of our websites. We also use cookies to analyze our traffic, improve your experience and provide social media features. If you continue to use this site, you consent to our use of cookies.