Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Onapsis Research Labs: SAP Security In-Depth Vol. II
From: Onapsis Research Labs <research () onapsis com>
Date: Wed, 24 Mar 2010 17:20:42 -0300

Dear colleague,

We would like to announce the second release of the Onapsis' SAP Security In-Depth publication.

SAP Security In-Depth is a free technical publication leaded by the Onapsis Research Labs with the purpose of providing 
specialized information about
the current and future risks in the SAP security field, allowing all the different actors (financial managers, 
information security managers, SAP
administrators, auditors, consultants and the general professional community) to better understand the involved risks 
and the techniques and tools
available to assess and mitigate them.

In this edition: "SAP Knowledge Management - The risks of sharing", by Jordan Santarsieri.

"SAP Knowledge Management (SAP KM) is a central component of SAP Enterprise Portal, enabling the sharing of information 
extracted from
different data sources of the Organization in a single access point. Employees, customers, vendors and business 
partners use this platform to
interact with the data provided by the company in order to suit their different business requirements. This business 
information, available in
SAP KM, can be highly sensitive and its non-authorized access and/or manipulation imply high risks for any company.

Our experience in this field indicates that due of the lack of proper access-control implementations, combined with 
default and permissive
policies, many organizations can be exposing sensitive information through SAP Enterprise Portal to non-authorized 

This volume analyses in detail some of the risks that affect the security of SAP Knowledge Management and presents 
possible solutions in
order to mitigate them, allowing you to increase the security level of your SAP Enterprise Portal installation."

The full publication can be downloaded from http://www.onapsis.com/resources/get.php?resid=ssid02

Best regards,

The Onapsis Research Labs Team

Onapsis S.R.L
Email: research () onapsis com
Web: www.onapsis.com
PGP: http://www.onapsis.com/pgp/research.asc

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
  • Onapsis Research Labs: SAP Security In-Depth Vol. II Onapsis Research Labs (Mar 24)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]