[<prev] [next>] [day] [month] [year] [list]
Message-ID: <4FAC5209.2030604@onapsis.com>
Date: Thu, 10 May 2012 20:40:57 -0300
From: Onapsis Research Labs <research@...psis.com>
To: full-disclosure@...ts.grok.org.uk
Subject: [Onapsis Research Labs] New SAP Security In-Depth
issue: "Our Crown Jewels Online: Attacks on SAP Web Applications"
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dear colleague,
We are happy to announce a new issue of the Onapsis SAP Security In-Depth publication.
SAP Security In-Depth is a free publication led by the Onapsis Research Labs with the purpose of providing specialized information about the current
and future risks in this area, allowing all the different actors (financial managers, information security managers, SAP administrators, auditors,
consultants and others) to better understand the involved risks and the techniques and tools available to assess and mitigate them.
In this edition: "Our Crown Jewels Online: Attacks on SAP Web Applications", by Mariano Nunez.
- ------
"SAP platforms are only accessible internally". While that was true in many organizations more than a decade ago, today, driven by modern business
requirements, SAP systems are very often connected to the Internet. This scenario dramatically increases the universe of possible attackers, as
malicious parties can remotely try to compromise the organization's SAP platform and perform espionage, sabotage and fraud attacks.
SAP provides different Web technologies, such as the Enterprise Portal, the Internet Communication Manager (ICM) and the Internet Transaction Server
(ITS), which may be prone to specific security risks.
This issue analyzes possible attack vectors to SAP Web components and the measures that need to be taken in order to prevent them. This information
will enable organizations to better protect their business-critical infrastructure against cyber-attacks performed over Web scenarios.
- ------
The full publication can be downloaded from http://www.onapsis.com/resources/get.php?resid=ssid05
This publication summarizes part of the research and presentations we have held regarding this topic over the last year at the major security conferences.
We are also going to hold two free Webinars with *live demonstrations of the attack vectors described in the publication*, so don't hesitate to join
us to go deeper in the technical aspects of these threats and better understand the associated business risks.
* Tuesday, May 22, 2012 3:00 PM - 4:00 PM CEST - http://bit.ly/K3C30X
* Wednesday, May 23, 2012 1:00 PM - 2:00 PM EDT - http://bit.ly/KMNWHZ
We hope you enjoy this new issue!
Kindest regards,
- --
- -------------------------------
The Onapsis Research Labs Team
Onapsis, Inc.
Email: research@...psis.com
Tel: +1 (650) 288-6696
Web: www.onapsis.com
- -------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iEYEARECAAYFAk+sUgkACgkQz3i6WNVBcDUf6gCfdp+VExrA8pNuGEL3ShtkNHT/
w20AmwbKp3/aFc0H3vgjRzjF8cb9x7kk
=uI7h
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists