
Security Basics mailing list archives

Onapsis Research: SAP Security In-Depth Vol. I
From: Onapsis Research <research () onapsis com>
Date: Wed, 25 Nov 2009 13:54:50 -0300


Dear colleague,

The first volume of Onapsis' SAP Security In-Depth publication has been released.

SAP Security In-Depth is a free technical publication led by the Onapsis Research Labs with the purpose of providing specialized information about the current and future risks in the SAP security field, allowing all the different actors (financial managers, information security managers, SAP administrators, auditors, consultants and the general professional community) to better understand the involved risks and the techniques and tools available to assess and mitigate them.

In this edition: The risks of downwards compatibility.

"SAP has implemented different password hashing procedures along its history. While each new version has increased the security level of the hashing scheme, some backward compatibility aspects not considered in the implementation phase may provide room for practical attacks over the users' stored credentials. Through the exploitation of these weaknesses, malicious attackers would be able to escalate privileges over vulnerable systems and perform business processes on behalf of other users. This volume details the evolution of the hashing mechanisms developed by SAP, analyzes the different risks of attacks to this sensitive information and provides practical solutions to protect the company's SAP platform, effectively decreasing business fraud risks."

The full publication can be downloaded from http://www.onapsis.com/resources/get.php?resid=ssid01

Best regards,

--
--------------------------------------------
The Onapsis Research Labs Team

Onapsis S.R.L
Email: research () onapsis com
Web: www.onapsis.com
PGP: http://www.onapsis.com/pgp/research.asc
--------------------------------------------





