|
Penetration Testing
mailing list archives
Re: Pen-Testing SAP
From: Andrew Johns <Andrew.Johns () haley com>
Date: Thu, 1 Jan 2009 13:00:57 +1100
From experience it pays to examine the db config well - it used to be the case that eg: jd edwards installed oracle
silently during the install with a known password - ChangeOnInstall - for the sysdba a/c. Thereby leaving the db wide
open to abuse...
All too many sites do not have the qualified oracle dba's and so the password is never/rarely changed. YMMV
--------------------------
Sent using BlackBerry
----- Original Message -----
From: listbounce () securityfocus com <listbounce () securityfocus com>
To: pen-test () securityfocus com <pen-test () securityfocus com>
Sent: Wed Dec 31 18:09:17 2008
Subject: Pen-Testing SAP
Hi,
Lemme wish to the members of this list a"Happy New Year" for 2009.
I was wondering about the security of Packaged solutions like SAP,Siebel & Peoplsoft with regards to pentesting them.
Are there any speciffice tests for these packages,apart from the generic set pentests which we do on the normal web
applications ?
Please let me know if there is any information in line to the above request.
Cheers
Mahendra.
Add more friends to your messenger and enjoy! Go to http://messenger.yahoo.com/invite/
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now
www.cenzic.com/landing/trends-report
------------------------------------------------------------------------
 By Date 
By Thread
Current thread:
|
Intro
