Full Disclosure mailing list archives
[Onapsis Research Labs] New SAP Security In-Depth issue: "Preventing Cyber-Attacks Against SAP Solution Manager"
From: Onapsis Research Labs <research () onapsis com>
Date: Wed, 04 Sep 2013 18:48:50 -0300
Dear colleague, We are happy to announce a new issue of the Onapsis SAP Security In-Depth publication. SAP Security In-Depth is a free publication led by the Onapsis Research Labs with the purpose of providing specialized information about the current and future risks in this area, allowing all the different actors (financial managers, information security managers, SAP administrators, auditors, consultants and others) to better understand the involved risks and the techniques and tools available to assess and mitigate them. In this edition: "Preventing Cyber-Attacks Against SAP Solution Manager", by Nahuel Sanchez and Juan Perez-Etchegoyen. ------ By design the SAP Solution Manager is connected to all SAP systems (i.e. ERP, CRM, BI, etc), making it a critical component of any SAP implementation: if successfully exploited by an attacker, all the satellite SAP environments, and therefore their business information, can be ultimately compromised. Despite its relevance, common IT security practices have traditionally overlooked this component, resulting in many insecure implementations. This issue presents key security concepts about the Solution Manager, introduces an in-depth analysis of critical cyber-threats affecting it and, more importantly, outlines a list of mitigation techniques and countermeasures to protect SAP Solution Manager implementations. By understanding and leveraging this information, SAP and Information Security professionals can increase the overall security level of their company's SAP platform, better protecting their organization's business-critical information. ------ The full publication can be downloaded from http://www.onapsis.com/resources/get.php?resid=ssid07 We hope you enjoy this new issue! Kindest regards, _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- [Onapsis Research Labs] New SAP Security In-Depth issue: "Preventing Cyber-Attacks Against SAP Solution Manager" Onapsis Research Labs (Sep 04)