lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <4BAA741A.8030608@onapsis.com>
Date: Wed, 24 Mar 2010 17:20:42 -0300
From: Onapsis Research Labs <research@...psis.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Onapsis Research Labs: SAP Security In-Depth Vol.
	II

Dear colleague,

We would like to announce the second release of the Onapsis' SAP Security In-Depth publication.

SAP Security In-Depth is a free technical publication leaded by the Onapsis Research Labs with the purpose of providing specialized information about
the current and future risks in the SAP security field, allowing all the different actors (financial managers, information security managers, SAP
administrators, auditors, consultants and the general professional community) to better understand the involved risks and the techniques and tools
available to assess and mitigate them.

In this edition: "SAP Knowledge Management - The risks of sharing", by Jordan Santarsieri.

"SAP Knowledge Management (SAP KM) is a central component of SAP Enterprise Portal, enabling the sharing of information extracted from
different data sources of the Organization in a single access point. Employees, customers, vendors and business partners use this platform to
interact with the data provided by the company in order to suit their different business requirements. This business information, available in
SAP KM, can be highly sensitive and its non-authorized access and/or manipulation imply high risks for any company.

Our experience in this field indicates that due of the lack of proper access-control implementations, combined with default and permissive
policies, many organizations can be exposing sensitive information through SAP Enterprise Portal to non-authorized parties.

This volume analyses in detail some of the risks that affect the security of SAP Knowledge Management and presents possible solutions in
order to mitigate them, allowing you to increase the security level of your SAP Enterprise Portal installation."


The full publication can be downloaded from http://www.onapsis.com/resources/get.php?resid=ssid02

Best regards,

--------------------------------------------
The Onapsis Research Labs Team

Onapsis S.R.L
Email: research@...psis.com
Web: www.onapsis.com
PGP: http://www.onapsis.com/pgp/research.asc
--------------------------------------------

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ