lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 04 Sep 2013 18:48:50 -0300
From: Onapsis Research Labs <>
Subject: [Onapsis Research Labs] New SAP Security In-Depth
 issue: "Preventing Cyber-Attacks Against SAP Solution Manager"

Dear colleague,

We are happy to announce a new issue of the Onapsis SAP Security In-Depth publication.

SAP Security In-Depth is a free publication led by the Onapsis Research Labs with the purpose of providing specialized
information about the current and future risks in this area, allowing all the different actors (financial managers,
information security managers, SAP administrators, auditors, consultants and others) to better understand the involved
risks and the techniques and tools available to assess and mitigate them.

In this edition: "Preventing Cyber-Attacks Against SAP Solution Manager", by Nahuel Sanchez and Juan Perez-Etchegoyen.
By design the SAP Solution Manager is connected to all SAP systems (i.e. ERP, CRM, BI, etc), making it a critical
component of any SAP implementation: if successfully exploited by an attacker, all the satellite SAP environments, and
therefore their business information, can be ultimately compromised.

Despite its relevance, common IT security practices have traditionally overlooked this component, resulting in many
insecure implementations. This issue presents key security concepts about the Solution Manager, introduces an in-depth
analysis of critical cyber-threats affecting it and, more importantly, outlines a list of mitigation techniques and
countermeasures to protect SAP Solution Manager implementations.

By understanding and leveraging this information, SAP and Information Security professionals can increase the overall
security level of their company's SAP platform, better protecting their organization's business-critical information.


The full publication can be downloaded from

We hope you enjoy this new issue!

Kindest regards,

Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia -

Powered by blists - more mailing lists