In this whitepaper I discuss the basic problems in SAP client security. It describes
the basic attacks on SAP clients that can be exploited from the corporate network,
and even from a public network, to gain access to the corporate network and a
user's workstation, which is one step closer to the SAP servers and critical business
data.
Author: Alexander Polyakov
Business application security is one of the most important tasks in a complex information
security process. Today the SAP platform is the most widespread platform for managing
enterprise systems and storing the most critical data.
Nonetheless, people still pay little attention to the technical side of SAP security. There
are some well-known problems concerning access control, the SoD matrix and probably SAP router
security. But there are also many problems at every level of an SAP system: the network level,
operating system level, database level, application level and presentation level, i.e. SAP clients.
For SAP server security, some information is available in the Cybsec presentations
at Black Hat 2007 and Black Hat 2009, which show how insecure SAP servers and the RFC protocol are.
But there is still very little information about SAP client security, which can be the weak point in
your company even if it has a secure SAP server environment.
SAP_Security_-_attacking_SAP_clients.pdf, 581 KB