[Full-disclosure] [Onapsis Research Labs] New SAP Security In-Depth issue: "Our Crown Jewels Online: Attacks on SAP Web Applications"
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: [Full-disclosure] [Onapsis Research Labs] New SAP Security In-Depth issue: "Our Crown Jewels Online: Attacks on SAP Web Applications"
- From: Onapsis Research Labs <research@xxxxxxxxxxx>
- Date: Thu, 10 May 2012 20:40:57 -0300
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dear colleague,
We are happy to announce a new issue of the Onapsis SAP Security In-Depth
publication.
SAP Security In-Depth is a free publication led by the Onapsis Research Labs
with the purpose of providing specialized information about the current
and future risks in this area, allowing all the different actors (financial
managers, information security managers, SAP administrators, auditors,
consultants and others) to better understand the involved risks and the
techniques and tools available to assess and mitigate them.
In this edition: "Our Crown Jewels Online: Attacks on SAP Web Applications", by
Mariano Nunez.
- ------
"SAP platforms are only accessible internally". While that was true in many
organizations more than a decade ago, today, driven by modern business
requirements, SAP systems are very often connected to the Internet. This
scenario dramatically increases the universe of possible attackers, as
malicious parties can remotely try to compromise the organization's SAP
platform and perform espionage, sabotage and fraud attacks.
SAP provides different Web technologies, such as the Enterprise Portal, the
Internet Communication Manager (ICM) and the Internet Transaction Server
(ITS), which may be prone to specific security risks.
This issue analyzes possible attack vectors to SAP Web components and the
measures that need to be taken in order to prevent them. This information
will enable organizations to better protect their business-critical
infrastructure against cyber-attacks performed over Web scenarios.
- ------
The full publication can be downloaded from
http://www.onapsis.com/resources/get.php?resid=ssid05
This publication summarizes part of the research and presentations we have held
regarding this topic over the last year at the major security conferences.
We are also going to hold two free Webinars with *live demonstrations of the
attack vectors described in the publication*, so don't hesitate to join
us to go deeper into the technical aspects of these threats and better understand
the associated business risks.
* Tuesday, May 22, 2012 3:00 PM - 4:00 PM CEST - http://bit.ly/K3C30X
* Wednesday, May 23, 2012 1:00 PM - 2:00 PM EDT - http://bit.ly/KMNWHZ
We hope you enjoy this new issue!
Kindest regards,
- --
- -------------------------------
The Onapsis Research Labs Team
Onapsis, Inc.
Email: research@xxxxxxxxxxx
Tel: +1 (650) 288-6696
Web: www.onapsis.com
- -------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iEYEARECAAYFAk+sUgkACgkQz3i6WNVBcDUf6gCfdp+VExrA8pNuGEL3ShtkNHT/
w20AmwbKp3/aFc0H3vgjRzjF8cb9x7kk
=uI7h
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/