Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Onapsis Research Labs: SAP Security In-Depth Vol. II

From: Onapsis Research Labs <research () onapsis com>
Date: Wed, 24 Mar 2010 17:20:42 -0300
Dear colleague,

We would like to announce the second release of the Onapsis' SAP Security In-Depth publication.

SAP Security In-Depth is a free technical publication leaded by the Onapsis Research Labs with the purpose of providing 
specialized information about
the current and future risks in the SAP security field, allowing all the different actors (financial managers, 
information security managers, SAP
administrators, auditors, consultants and the general professional community) to better understand the involved risks 
and the techniques and tools
available to assess and mitigate them.

In this edition: "SAP Knowledge Management - The risks of sharing", by Jordan Santarsieri.

"SAP Knowledge Management (SAP KM) is a central component of SAP Enterprise Portal, enabling the sharing of information 
extracted from
different data sources of the Organization in a single access point. Employees, customers, vendors and business 
partners use this platform to
interact with the data provided by the company in order to suit their different business requirements. This business 
information, available in
SAP KM, can be highly sensitive and its non-authorized access and/or manipulation imply high risks for any company.

Our experience in this field indicates that due of the lack of proper access-control implementations, combined with 
default and permissive
policies, many organizations can be exposing sensitive information through SAP Enterprise Portal to non-authorized 
parties.

This volume analyses in detail some of the risks that affect the security of SAP Knowledge Management and presents 
possible solutions in
order to mitigate them, allowing you to increase the security level of your SAP Enterprise Portal installation."


The full publication can be downloaded from http://www.onapsis.com/resources/get.php?resid=ssid02

Best regards,

--------------------------------------------
The Onapsis Research Labs Team

Onapsis S.R.L
Email: research () onapsis com
Web: www.onapsis.com
PGP: http://www.onapsis.com/pgp/research.asc
--------------------------------------------

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: