lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <2592da55363c888a2f33f08a670ec6ae.squirrel@email.hostcentric.com>
Date: Wed, 10 Feb 2010 08:01:34 -0500
From: "CYBSEC Labs" <cybseclabs@...sec.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Cybsec launches a new free software to assess
 security level in SAP landscapes

Cybsec-Labs, the research laboratory of Cybsec Security Systems, is proud
to announce the launching of SAFE Free, a free software to assess the
security level in SAP R/3 landscapes.

With SAFE Free you will automatically and easily learn if a SAP
installation is fulfilling the main security requirements demanded by
audits and international regulations (Sarbanes Oxley Act, HIPAA, PCI,
CobIT, etc.).

SAFE Free is focused on facilitating and speeding up security verification
activities performed by those in charge of the SAP landscape maintenance
and security control.

SAFE Free is the result of the experience gained and the research
conducted by Cybsec engineers, and it becomes the natural complement of
SAPyto ( http://www.cybsec.com/EN/research/sapyto.php ), the leading free
software for SAP landscape Penetration Testing.

SAFE Free performs a thorough analysis of configuration, authorization,
communications, and other parameters in the SAP installation and compares
them to international best practices; results are shown in reports
indicating the target value to be achieved.

The SAFE FREE includes 50 plug-ins covering different security aspects
(access, audit, authorization, Basis, communications and users) of a SAP
installation, being some of them as follows:

•	Implemented security policies
•	Dynamic audit status
•	Status of table modifications control
•	Patch implementation on the target system
•	Authorization objects associated to customized transactions
•	Custom programs with associated transaction
•	Execution of programs though the SAP Gateway
•	ICM Status
•	Configured virtual services
•	Systems with which trust relationships are kept
•	Users lacking an associated profile
•	Users with SAP_ALL that were not specified in contextual options

SAFE FREE is available for SAP Netweaver 7.0, 7.1 and 6.4, under Windows
with the Oracle database, MS SQL Server, IBM DB2, SAP liveCache Technology
or Informix.

Download SAFE FREE Version http://www.cybsec.com/EN/research/safe.php

Download full list of plugins
http://www.cybsec.com/EN/research/Plugins_SAFE_Free.pdf

For further information on specific SAP Security services, go to the SAP
Security section. http://www.cybsec.com/EN/services/SAP_security.php


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ