Patents by Inventor Michael P. Kasper

Michael P. Kasper has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11010479
    Abstract: A system includes a memory system and a processing system operably coupled to the memory system. The memory system includes a plurality of address spaces. The processing system is configured to perform operations including creating a data space from within a primary address space and a primary address space number access list entry referencing the data space. An unauthorized caller routine in a home address space is configured to issue a service request including an address space-switching program call from the home address space to a program call target routine in the primary address space. The address space-switching program call references the primary address space number access list entry in the primary address space. A vulnerability identifier associated with the program call target routine is created and logged based on one or more conditions indicative of a cross-memory integrity violation detected responsive to the service request.
    Type: Grant
    Filed: October 1, 2018
    Date of Patent: May 18, 2021
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Bryan Childs, Peter Relson, Karl D. Schmitz, Michael P. Kasper, Kathryn Voss, Kin Choi
  • Patent number: 10915640
    Abstract: A system includes a memory system and a processing system operably coupled to the memory system. The processing system is configured to perform operations including setting a target register to point to a first protected storage location of the memory system resulting in a protection exception upon access, calling an authorized service, and confirming that the authorized service uses the target register based on detecting the protection exception. The target register is adjusted to point to a parameter list including one or more known values and a pointer to a second protected storage location resulting in the protection exception upon access to confirm use of a value of the parameter list responsive to calling the authorized service. Parameter list testing and target register testing is repeated for locations in the parameter list and target registers to construct a testing profile for vulnerability testing of the authorized service.
    Type: Grant
    Filed: October 1, 2018
    Date of Patent: February 9, 2021
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Michael P. Kasper, Bryan Childs, Kin Choi, Karl D. Schmitz, Kathryn Voss
  • Patent number: 10652244
    Abstract: A computer program product for cross-site request forgery (CSRF) prevention is provided and includes a computer readable storage medium having program instructions embodied therewith. The program instructions are readable and executable by a processing circuit to cause the processing circuit to issue a server request for a certificate, which is associated with a user, responsive to a client request to visit a uniform resource indicator (URI) being received, validate the certificate upon receipt in fulfillment of the server request, compare a referrer listed in a header of the client request with a list of certificate elements in the certificate, authenticate the user in accordance with correlation between the referrer and at least one of the certificate elements and authorize the client request to visit the URI upon the user being authenticated.
    Type: Grant
    Filed: November 30, 2017
    Date of Patent: May 12, 2020
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: John C. Dayka, Michael P. Kasper, Eysha S. Powers
  • Publication number: 20200104508
    Abstract: A system includes a memory system and a processing system operably coupled to the memory system. The memory system includes a plurality of address spaces. The processing system is configured to perform operations including creating a data space from within a primary address space and a primary address space number access list entry referencing the data space. An unauthorized caller routine in a home address space is configured to issue a service request including an address space-switching program call from the home address space to a program call target routine in the primary address space. The address space-switching program call references the primary address space number access list entry in the primary address space. A vulnerability identifier associated with the program call target routine is created and logged based on one or more conditions indicative of a cross-memory integrity violation detected responsive to the service request.
    Type: Application
    Filed: October 1, 2018
    Publication date: April 2, 2020
    Inventors: Bryan Childs, Peter Relson, Karl D. Schmitz, Michael P. Kasper, Kathryn Voss, Kin Choi
  • Publication number: 20200104507
    Abstract: A system includes a memory system and a processing system operably coupled to the memory system. The processing system is configured to perform operations including setting a target register to point to a first protected storage location of the memory system resulting in a protection exception upon access, calling an authorized service, and confirming that the authorized service uses the target register based on detecting the protection exception. The target register is adjusted to point to a parameter list including one or more known values and a pointer to a second protected storage location resulting in the protection exception upon access to confirm use of a value of the parameter list responsive to calling the authorized service. Parameter list testing and target register testing is repeated for locations in the parameter list and target registers to construct a testing profile for vulnerability testing of the authorized service.
    Type: Application
    Filed: October 1, 2018
    Publication date: April 2, 2020
    Inventors: Michael P. Kasper, Bryan Childs, Kin Choi, Karl D. Schmitz, Kathryn Voss
  • Publication number: 20180097813
    Abstract: A computer program product for cross-site request forgery (CSRF) prevention is provided and includes a computer readable storage medium having program instructions embodied therewith. The program instructions are readable and executable by a processing circuit to cause the processing circuit to issue a server request for a certificate, which is associated with a user, responsive to a client request to visit a uniform resource indicator (URI) being received, validate the certificate upon receipt in fulfillment of the server request, compare a referrer listed in a header of the client request with a list of certificate elements in the certificate, authenticate the user in accordance with correlation between the referrer and at least one of the certificate elements and authorize the client request to visit the URI upon the user being authenticated.
    Type: Application
    Filed: November 30, 2017
    Publication date: April 5, 2018
    Inventors: John C. Dayka, Michael P. Kasper, Eysha S. Powers
  • Patent number: 9906517
    Abstract: A computer program product for cross-site request forgery (CSRF) prevention is provided and includes a computer readable storage medium having program instructions embodied therewith. The program instructions are readable and executable by a processing circuit to cause the processing circuit to issue a server request for a certificate, which is associated with a user, responsive to a client request to visit a uniform resource indicator (URI) being received, validate the certificate upon receipt in fulfillment of the server request, compare a referrer listed in a header of the client request with a list of certificate elements in the certificate, authenticate the user in accordance with correlation between the referrer and at least one of the certificate elements and authorize the client request to visit the URI upon the user being authenticated.
    Type: Grant
    Filed: June 10, 2016
    Date of Patent: February 27, 2018
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: John C. Dayka, Michael P. Kasper, Eysha S. Powers
  • Patent number: 9906531
    Abstract: A computer program product for cross-site request forgery (CSRF) prevention is provided and includes a computer readable storage medium having program instructions embodied therewith. The program instructions are readable and executable by a processing circuit to cause the processing circuit to issue a server request for a certificate, which is associated with a user, responsive to a client request to visit a uniform resource indicator (URI) being received, validate the certificate upon receipt in fulfillment of the server request, compare a referrer listed in a header of the client request with a list of certificate elements in the certificate, authenticate the user in accordance with correlation between the referrer and at least one of the certificate elements and authorize the client request to visit the URI upon the user being authenticated.
    Type: Grant
    Filed: November 23, 2015
    Date of Patent: February 27, 2018
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: John C. Dayka, Michael P. Kasper, Eysha S. Powers
  • Publication number: 20170149783
    Abstract: A computer program product for cross-site request forgery (CSRF) prevention is provided and includes a computer readable storage medium having program instructions embodied therewith. The program instructions are readable and executable by a processing circuit to cause the processing circuit to issue a server request for a certificate, which is associated with a user, responsive to a client request to visit a uniform resource indicator (URI) being received, validate the certificate upon receipt in fulfillment of the server request, compare a referrer listed in a header of the client request with a list of certificate elements in the certificate, authenticate the user in accordance with correlation between the referrer and at least one of the certificate elements and authorize the client request to visit the URI upon the user being authenticated.
    Type: Application
    Filed: November 23, 2015
    Publication date: May 25, 2017
    Inventors: John C. Dayka, Michael P. Kasper, Eysha S. Powers
  • Publication number: 20170149768
    Abstract: A computer program product for cross-site request forgery (CSRF) prevention is provided and includes a computer readable storage medium having program instructions embodied therewith. The program instructions are readable and executable by a processing circuit to cause the processing circuit to issue a server request for a certificate, which is associated with a user, responsive to a client request to visit a uniform resource indicator (URI) being received, validate the certificate upon receipt in fulfillment of the server request, compare a referrer listed in a header of the client request with a list of certificate elements in the certificate, authenticate the user in accordance with correlation between the referrer and at least one of the certificate elements and authorize the client request to visit the URI upon the user being authenticated.
    Type: Application
    Filed: June 10, 2016
    Publication date: May 25, 2017
    Inventors: John C. Dayka, Michael P. Kasper, Eysha S. Powers
  • Patent number: 8825905
    Abstract: A method includes receiving a message in a JavaScript object notation (JSON) format from a first processor, converting the message from the JSON format into a hypertext markup language (HTML) format, and presenting the content of the message in the HTML format to a user on a display.
    Type: Grant
    Filed: April 4, 2011
    Date of Patent: September 2, 2014
    Assignee: International Business Machines Corporation
    Inventors: Michael P. Kasper, Ulrich Kurz, Gary S. Puchkoff, Bertold Reddemann, Peter D. Van Dyke
  • Patent number: 8533734
    Abstract: A method includes receiving a start request from a client at a launcher application programming interface (API), determining whether an existing time sharing option (TSO) address space associated with a user of the client is available, retrieving security environment data associated with the user from a security product responsive to determining that no existing TSO address space associated with a user of the client is available, saving the retrieved security environment data as a security object, generating a message queue, generating a terminal status block (TSB) and saving the terminal status block, creating a TSO address space in a processor, sending an instruction to an operating system to start the TSO address space, and sending a message queue identifier associated with the message queue and an address space token associated with the TSO address space to the client.
    Type: Grant
    Filed: April 4, 2011
    Date of Patent: September 10, 2013
    Assignee: International Business Machines Corporation
    Inventors: Susan Z. Demkowicz, James M. Hertzig, Michael P. Kasper, Harris M. Morgenstern, Gary S. Puchkoff
  • Publication number: 20120254889
    Abstract: A method includes receiving a start request from a client at a launcher application programming interface (API), determining whether an existing time sharing option (TSO) address space associated with a user of the client is available, retrieving security environment data associated with the user from a security product responsive to determining that no existing TSO address space associated with a user of the client is available, saving the retrieved security environment data as a security object, generating a message queue, generating a terminal status block (TSB) and saving the terminal status block, creating a TSO address space in a processor, sending an instruction to an operating system to start the TSO address space, and sending a message queue identifier associated with the message queue and an address space token associated with the TSO address space to the client.
    Type: Application
    Filed: April 4, 2011
    Publication date: October 4, 2012
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Susan Z. Demkowicz, James M. Hertzig, Michael P. Kasper, Harris M. Morgenstern, Gary S. Puchkoff
  • Publication number: 20120254294
    Abstract: A method includes receiving a request for a time sharing option (TSO) address space from a client application, reserving a TSO address space in a processor, initializing an interactive system productivity facility (ISPF) session in the TSO address space, initializing a message queue associated with the TSO address space and the ISPF session, generating a unique key associated with the client application, the TSO address space, the ISPF session, and the message queue, and entering the unique key and the association of the unique key with the client application, the TSO address space, the ISPF session, and the message queue into a hash map entry.
    Type: Application
    Filed: April 4, 2011
    Publication date: October 4, 2012
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Jose H. Cifuentes, JR., Anuja Deedwaniya, Nina J. Goradia, Michael P. Kasper, Steven G. Kavka, Gary S. Puchkoff
  • Publication number: 20120254467
    Abstract: A method includes receiving a message in a JavaScript object notation (JSON) format from a first processor, converting the message from the JSON format into a hypertext markup language (HTML) format, and presenting the content of the message in the HTML format to a user on a display.
    Type: Application
    Filed: April 4, 2011
    Publication date: October 4, 2012
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Michael P. Kasper, Ulrich Kurz, Gary S. Puchkoff, Bertold Reddemann, Peter D. Van Dyke