Penetration Testing mailing list archives
RE: SAP Security
From: "Maslyar, George" <george.maslyar () primark com>
Date: Thu, 14 Jun 2001 15:16:47 +0100
And I found DCAA Guide for 6 bucks, and SAP themselves: 1. IntelligentERP Resources Books Columns Features Editor's Notes SAP Column Archive SAP Feature Archive Contact Us Home Configuration Keys for Encryption The following registry keys control the behavior of ITS (both can be found under connects ): Type. Type of com 4/7/2001 http://www.intelligenterp.com/feature/archive/heckner.shtml 2. DCAAI 5025.2; Index of DCAA Numbered Publications; DEC 2000 Open this portion of the document in Word (99.5 KB) Document Type: Discretionary - Defense Contract Management Agency (DCMA) Title: DCAAI 5025.2; Index of DCAA Numbered Publications; DEC 2000 DCAAI 5025.2 Index of DCAA Numbered Publications DEC 2000 2/23/2001 http://web.deskbook.osd.mil/reflib/DDCAA/0018I/0018Idoc.htm -----Original Message----- From: Rainer Duffner [mailto:duffner () fh-konstanz de] Sent: Wednesday, June 13, 2001 8:21 PM To: Johann van Duyn Cc: pen-test () securityfocus com Subject: Re: SAP Security On Wed, 13 Jun 2001, Johann van Duyn wrote:
Hi there... I'm planning to run a lightweight internal penetration test against some
of
our servers, and have run into a snag: security information on WinNT,
Unix,
Oracle, etc. is quite easy to find, but I am struggling to find anything good on SAP R/3. Most of the stuff is very vague, or refers to securing network transmissions against eavesdropping. Anyone have any real information on SAP security, especially weaknesses? :-)
I found this some time ago, the content seems to move on and off to different sites. A good opportunity to save it to HD... http://www.hoelzner.de/security/sap-os.html The text is German, but mentions a "SAP Security Guide" , which is hopefully available in other languages. cheers, Rainer -- ======================================== Rainer Duffner , Konstanz, Germany eMail: duffner () fh-konstanz de rainer.duffner () surf24 de http://www-stud.fh-konstanz.de/duffner/ ======================================== "This communication is intended solely for the addressee and is confidential and not for third party unauthorised distribution."
Current thread:
- SAP Security Johann van Duyn (Jun 13)
- Re: SAP Security mht (Jun 13)
- Re: SAP Security Rainer Duffner (Jun 13)
- Re: SAP Security Dave Piscitello (Jun 14)
- <Possible follow-ups>
- RE: SAP Security Maslyar, George (Jun 14)
- RE: SAP Security Spencer, Ed M. -ND (Jun 14)