| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 10 May 2012 20:40:57 -0300 From: Onapsis Research Labs <research@...psis.com> To: full-disclosure@...ts.grok.org.uk Subject: [Onapsis Research Labs] New SAP Security In-Depth issue: "Our Crown Jewels Online: Attacks on SAP Web Applications" -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dear colleague, We are happy to announce a new issue of the Onapsis SAP Security In-Depth publication. SAP Security In-Depth is a free publication led by the Onapsis Research Labs with the purpose of providing specialized information about the current and future risks in this area, allowing all the different actors (financial managers, information security managers, SAP administrators, auditors, consultants and others) to better understand the involved risks and the techniques and tools available to assess and mitigate them. In this edition: "Our Crown Jewels Online: Attacks on SAP Web Applications", by Mariano Nunez. - ------ "SAP platforms are only accessible internally". While that was true in many organizations more than a decade ago, today, driven by modern business requirements, SAP systems are very often connected to the Internet. This scenario dramatically increases the universe of possible attackers, as malicious parties can remotely try to compromise the organization's SAP platform and perform espionage, sabotage and fraud attacks. SAP provides different Web technologies, such as the Enterprise Portal, the Internet Communication Manager (ICM) and the Internet Transaction Server (ITS), which may be prone to specific security risks. This issue analyzes possible attack vectors to SAP Web components and the measures that need to be taken in order to prevent them. This information will enable organizations to better protect their business-critical infrastructure against cyber-attacks performed over Web scenarios. - ------ The full publication can be downloaded from http://www.onapsis.com/resources/get.php?resid=ssid05 This publication summarizes part of the research and presentations we have held regarding this topic over the last year at the major security conferences. We are also going to hold two free Webinars with *live demonstrations of the attack vectors described in the publication*, so don't hesitate to join us to go deeper in the technical aspects of these threats and better understand the associated business risks. * Tuesday, May 22, 2012 3:00 PM - 4:00 PM CEST - http://bit.ly/K3C30X * Wednesday, May 23, 2012 1:00 PM - 2:00 PM EDT - http://bit.ly/KMNWHZ We hope you enjoy this new issue! Kindest regards, - -- - ------------------------------- The Onapsis Research Labs Team Onapsis, Inc. Email: research@...psis.com Tel: +1 (650) 288-6696 Web: www.onapsis.com - ------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iEYEARECAAYFAk+sUgkACgkQz3i6WNVBcDUf6gCfdp+VExrA8pNuGEL3ShtkNHT/ w20AmwbKp3/aFc0H3vgjRzjF8cb9x7kk =uI7h -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists