COD 270 – Creating Secure COBOL & Mainframe Applications

Course Overview

This secure coding course covers countermeasures for security vulnerabilities on mainframe systems such as input validation, parameterized APIs, strong cryptography, and memory management issues.

Topics include:

• Identifying vulnerabilities and threats to mainframe applications and data
• Mitigating SQL injection threats using safe prepared statements and parameterized APIs
• Validating all input
• Using exec* functions instead of system functions to mitigate the risk of command injection
• Using key derivation functions to protect stored password
• Encrypting sensitive data at rest using AES-256
• Protecting sensitive data in transit with TLS
• Preventing deadlocks by using the ENQ and DEQ commands
• Avoiding manual memory management in order to prevent buffer overflow conditions