

SAP Security: attacking SAP clients

In this whitepaper I will be talking about the basic problems in SAP client security. It describes the basic attacks on SAP clients, which can be exploited from the corporate network and even from a public network, giving access to the corporate network and the user's workstation, which is one step closer to the SAP servers and critical business data.

Author: Alexander Polyakov

Business application security is one of the most important tasks in a complex information security process. Nowadays the SAP platform is the most widespread platform for managing enterprise systems and storing the most critical data. Nonetheless, people still don't pay much attention to the technical side of SAP security. There are some well-known problems concerning access control, the SoD matrix and probably SAP router security. But there are also many problems on all levels of an SAP system: the network level, operating system level, database level, application level and presentation level, i.e. SAP clients. As for SAP server security, you can get some information from the Cybsec presentations at BlackHat 2007 and BlackHat 2009, which show how insecure SAP servers and the RFC protocol are. But there is still very little information about SAP client security, which can be the weak point in your company even if it has a secure SAP server environment.

SAP_Security_-_attacking_SAP_clients.pdf, 581 KB



© 2002—2014, ERPScan