mailing list archives
[Onapsis Research Labs] New SAP Security In-Depth issue: "Our Crown Jewels Online: Attacks on SAP Web Applications"
From: Onapsis Research Labs <research () onapsis com>
Date: Thu, 10 May 2012 20:40:57 -0300
-----BEGIN PGP SIGNED MESSAGE-----
We are happy to announce a new issue of the Onapsis SAP Security In-Depth publication.
SAP Security In-Depth is a free publication led by the Onapsis Research Labs with the purpose of providing specialized
information about the current
and future risks in this area, allowing all the different actors (financial managers, information security managers,
SAP administrators, auditors,
consultants and others) to better understand the involved risks and the techniques and tools available to assess and
In this edition: "Our Crown Jewels Online: Attacks on SAP Web Applications", by Mariano Nunez.
"SAP platforms are only accessible internally". While that was true in many organizations more than a decade ago,
today, driven by modern business
requirements, SAP systems are very often connected to the Internet. This scenario dramatically increases the universe
of possible attackers, as
malicious parties can remotely try to compromise the organization's SAP platform and perform espionage, sabotage and
SAP provides different Web technologies, such as the Enterprise Portal, the Internet Communication Manager (ICM) and
the Internet Transaction Server
(ITS), which may be prone to specific security risks.
This issue analyzes possible attack vectors to SAP Web components and the measures that need to be taken in order to
prevent them. This information
will enable organizations to better protect their business-critical infrastructure against cyber-attacks performed over
The full publication can be downloaded from http://www.onapsis.com/resources/get.php?resid=ssid05
This publication summarizes part of the research and presentations we have held regarding this topic over the last year
at the major security conferences.
We are also going to hold two free Webinars with *live demonstrations of the attack vectors described in the
publication*, so don't hesitate to join
us to go deeper in the technical aspects of these threats and better understand the associated business risks.
* Tuesday, May 22, 2012 3:00 PM - 4:00 PM CEST - http://bit.ly/K3C30X
* Wednesday, May 23, 2012 1:00 PM - 2:00 PM EDT - http://bit.ly/KMNWHZ
We hope you enjoy this new issue!
The Onapsis Research Labs Team
Email: research () onapsis com
Tel: +1 (650) 288-6696
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
-----END PGP SIGNATURE-----
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
- [Onapsis Research Labs] New SAP Security In-Depth issue: "Our Crown Jewels Online: Attacks on SAP Web Applications" Onapsis Research Labs (May 10)