Penetration Testing mailing list archives

Re: SAP Security

From: Rainer Duffner <duffner () fh-konstanz de>
Date: Thu, 14 Jun 2001 02:20:35 +0200 (CEST)

On Wed, 13 Jun 2001, Johann van Duyn wrote:

Hi there...

I'm planning to run a lightweight internal penetration test against some of
our servers, and have run into a snag: security information on WinNT, Unix,
Oracle, etc. is quite easy to find, but I am struggling to find anything
good on SAP R/3. Most of the stuff is very vague, or refers to securing
network transmissions against eavesdropping.

Anyone have any real information on SAP security, especially weaknesses?
:-)


I found this some time ago, the content seems to move on and off to
different sites. A good opportunity to save it to HD...

http://www.hoelzner.de/security/sap-os.html

The text is German, but mentions a "SAP Security Guide" , which is hopefully
available in other languages.


cheers,
Rainer
-- 
========================================
 Rainer Duffner , Konstanz, Germany
 eMail:  duffner () fh-konstanz de
       rainer.duffner () surf24 de
http://www-stud.fh-konstanz.de/duffner/
========================================

Current thread:

SAP Security Johann van Duyn (Jun 13)
- Re: SAP Security mht (Jun 13)
- Re: SAP Security Rainer Duffner (Jun 13)
  - Re: SAP Security Dave Piscitello (Jun 14)
- <Possible follow-ups>
- RE: SAP Security Maslyar, George (Jun 14)
- RE: SAP Security Spencer, Ed M. -ND (Jun 14)