[<prev] [next>] [day] [month] [year] [list]
Message-ID: <5227AAC2.7000708@onapsis.com>
Date: Wed, 04 Sep 2013 18:48:50 -0300
From: Onapsis Research Labs <research@...psis.com>
To: full-disclosure@...ts.grok.org.uk
Subject: [Onapsis Research Labs] New SAP Security In-Depth
issue: "Preventing Cyber-Attacks Against SAP Solution Manager"
Dear colleague,
We are happy to announce a new issue of the Onapsis SAP Security In-Depth publication.
SAP Security In-Depth is a free publication led by the Onapsis Research Labs with the purpose of providing specialized
information about the current and future risks in this area, allowing all the different actors (financial managers,
information security managers, SAP administrators, auditors, consultants and others) to better understand the involved
risks and the techniques and tools available to assess and mitigate them.
In this edition: "Preventing Cyber-Attacks Against SAP Solution Manager", by Nahuel Sanchez and Juan Perez-Etchegoyen.
------
By design the SAP Solution Manager is connected to all SAP systems (i.e. ERP, CRM, BI, etc), making it a critical
component of any SAP implementation: if successfully exploited by an attacker, all the satellite SAP environments, and
therefore their business information, can be ultimately compromised.
Despite its relevance, common IT security practices have traditionally overlooked this component, resulting in many
insecure implementations. This issue presents key security concepts about the Solution Manager, introduces an in-depth
analysis of critical cyber-threats affecting it and, more importantly, outlines a list of mitigation techniques and
countermeasures to protect SAP Solution Manager implementations.
By understanding and leveraging this information, SAP and Information Security professionals can increase the overall
security level of their company's SAP platform, better protecting their organization's business-critical information.
------
The full publication can be downloaded from http://www.onapsis.com/resources/get.php?resid=ssid07
We hope you enjoy this new issue!
Kindest regards,
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists