Bugtraq mailing list archives
CYBSEC Release: SAP Security - Paper & Tool release
From: Mariano Nuñez Di Croce <mnunez () cybsec com>
Date: Wed, 04 Apr 2007 10:03:44 -0300
I am proud to announce the release of a White-paper and an open-source tool, both addressing security of SAP R/3 systems. The paper describes vulnerabilities discovered in the SAP RFC interface implementation and library, as well as some attacks that can be performed over SAP systems. The tool, sapyto (v0.93), is the first public framework for carrying out Penetration Tests over SAP R/3 deployments. It is shipped with many plugins to test for vulnerabilities discovered in our research and also launch different types of attacks. You can find these resources at the following links: . Paper: http://www.cybsec.com/upload/CYBSEC-Whitepaper-Exploiting_SAP_Internals.pdf . sapyto: http://www.cybsec.com/vuln/tools/sapyto.tgz Don't hesitate to send me any comments/suggestions! Best Regards, -- ----------------------------------------- Mariano Nuñez Di Croce CYBSEC S.A. Security Systems Email: mnunez () cybsec com Tel/Fax: (54-11) 4371-4444 Web: http://www.cybsec.com PGP: http://www.cybsec.com/pgp/mnunez.txt -----------------------------------------
Current thread:
- CYBSEC Release: SAP Security - Paper & Tool release Mariano Nuñez Di Croce (Apr 04)