Full Disclosure mailing list archives
Onapsis Research Labs: SAP Security In-Depth Vol. II
From: Onapsis Research Labs <research () onapsis com>
Date: Wed, 24 Mar 2010 17:20:42 -0300
Dear colleague, We would like to announce the second release of the Onapsis' SAP Security In-Depth publication. SAP Security In-Depth is a free technical publication leaded by the Onapsis Research Labs with the purpose of providing specialized information about the current and future risks in the SAP security field, allowing all the different actors (financial managers, information security managers, SAP administrators, auditors, consultants and the general professional community) to better understand the involved risks and the techniques and tools available to assess and mitigate them. In this edition: "SAP Knowledge Management - The risks of sharing", by Jordan Santarsieri. "SAP Knowledge Management (SAP KM) is a central component of SAP Enterprise Portal, enabling the sharing of information extracted from different data sources of the Organization in a single access point. Employees, customers, vendors and business partners use this platform to interact with the data provided by the company in order to suit their different business requirements. This business information, available in SAP KM, can be highly sensitive and its non-authorized access and/or manipulation imply high risks for any company. Our experience in this field indicates that due of the lack of proper access-control implementations, combined with default and permissive policies, many organizations can be exposing sensitive information through SAP Enterprise Portal to non-authorized parties. This volume analyses in detail some of the risks that affect the security of SAP Knowledge Management and presents possible solutions in order to mitigate them, allowing you to increase the security level of your SAP Enterprise Portal installation." The full publication can be downloaded from http://www.onapsis.com/resources/get.php?resid=ssid02 Best regards, -------------------------------------------- The Onapsis Research Labs Team Onapsis S.R.L Email: research () onapsis com Web: www.onapsis.com PGP: http://www.onapsis.com/pgp/research.asc -------------------------------------------- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Onapsis Research Labs: SAP Security In-Depth Vol. II Onapsis Research Labs (Mar 24)