Subscribe via RSS
Toggle Submenu
  1. Categories
  2. Recent
  3. Tags
View Replies (3)

Resolved Regarding VAPT

  1. How-to
0
Votes
Undo
  1. SHAMEEM KAKKAD
    SHAMEEM KAKKAD
  2. PowerBuilder
  3. Thursday, 16 May 2024 06:46 AM UTC

Hi Appeon Team,

Just before 2 days, we given our application which we created in Appeon 2022 R2 (1892) for the penetration test and they replied your application is reading more than 100 dlls like PBVM.dll, PBSHR.dll, PBUIS.dll etc.....

 

Attached the report..

 

 

What we do ?

Attachments (1)
High Vulnerability Report.pdf
Can we connect to different servers through config...
application startup runtime options - /debug and o...
Responses (3)
Chris Pollach @Appeon
Chris Pollach @Appeon Accepted Answer Pending Moderation
  1. Thursday, 16 May 2024 14:42 PM UTC
  2. PowerBuilder
  3. # 1

Hi  SHAMEEM;

  I am not sure what the issue is as Appeon has always signed all of it's PB runtime DLLs.

Regards .. Chris

Comment
SHAMEEM KAKKAD
  1. SHAMEEM KAKKAD
  2. Friday, 17 May 2024 05:45 AM UTC
But, they said this kind of problems are seen in any application, it should not be sold in the market and government will ban directly.
  1. Helpful
Sivaprakash BKR
  1. Sivaprakash BKR
  2. Friday, 17 May 2024 05:47 AM UTC
Chris,

IMHO.

The issue pointed out in the report is that if a signed DLL is replaced by an un-signed vulnerable program, how to detect and prevent its execution.

  1. Helpful
Sivaprakash BKR
  1. Sivaprakash BKR
  2. Friday, 17 May 2024 05:51 AM UTC
Shall a self-contained exe (with runtime(s)) do the trick?
  1. Helpful
There are no comments made yet.
Armeen Mazda @Appeon
Armeen Mazda @Appeon Accepted Answer Pending Moderation
  1. Thursday, 16 May 2024 15:27 PM UTC
  2. PowerBuilder
  3. # 2

Hi Shaheem, Please open a support ticket and let our product engineering team look into this: https://www.appeon.com/standardsupport/newbug

Make sure to attached the report to the support ticket.

Comment
There are no comments made yet.
John Fauss
John Fauss Accepted Answer Pending Moderation
  1. Thursday, 16 May 2024 15:37 PM UTC
  2. PowerBuilder
  3. # 3

Hi, Shameem -

Perhaps the use of the PowerClient feature (added to PB in version 2019 R3) to deploy and execute the PB application would address this issue?

Here is a link to an overview description of what PowerClient provides:

    https://docs.appeon.com/pb2019r3/whats_new/PowerClient.html

The following link describes working with PowerClient project using PB 2022 R2:

    https://docs.appeon.com/pb2022r2/pbug/creating_a_powerclient_project.html

Best regards, John

 

Comment
SHAMEEM KAKKAD
  1. SHAMEEM KAKKAD
  2. Friday, 17 May 2024 05:32 AM UTC
Have some internal (our developing team) issue to do the same.
  1. Helpful
Chris Pollach @Appeon
  1. Chris Pollach @Appeon
  2. Friday, 17 May 2024 13:47 PM UTC
Hi John;

Since PowerClient and PowerServer App's are installed & run *locally* along with the PB runtime DLLs, these options will not change all these PBXxxxxx.dll's being read by the PB runtime. The only difference is that the App & the PB runtime are deployed via a Web Server vs an installer (ie: like InstallSheild).

Regards .. Chris
  1. Helpful 1
There are no comments made yet.
  • Page :
  • 1


There are no replies made for this question yet.
However, you are not allowed to reply to this question.