Penetration Testing mailing list archives

RE: SAP Security


From: "Maslyar, George" <george.maslyar () primark com>
Date: Thu, 14 Jun 2001 15:16:47 +0100

And I found DCAA Guide for 6 bucks, and SAP themselves:

        1. IntelligentERP
        Resources Books Columns Features Editor's Notes SAP Column Archive
        SAP Feature Archive Contact Us Home Configuration Keys for Encryption
        The following registry keys control the behavior of ITS (both can be
        found under connects ): Type. Type of com 4/7/2001
        http://www.intelligenterp.com/feature/archive/heckner.shtml


        2. DCAAI 5025.2; Index of DCAA Numbered Publications; DEC 2000
        Open this portion of the document in Word (99.5 KB) Document Type:
        Discretionary - Defense Contract Management Agency (DCMA) Title:
        DCAAI 5025.2; Index of DCAA Numbered Publications; DEC 2000 DCAAI
        5025.2 Index of DCAA Numbered Publications DEC 2000 2/23/2001
        http://web.deskbook.osd.mil/reflib/DDCAA/0018I/0018Idoc.htm


-----Original Message-----
From: Rainer Duffner [mailto:duffner () fh-konstanz de]
Sent: Wednesday, June 13, 2001 8:21 PM
To: Johann van Duyn
Cc: pen-test () securityfocus com
Subject: Re: SAP Security


On Wed, 13 Jun 2001, Johann van Duyn wrote:

Hi there...

I'm planning to run a lightweight internal penetration test against some of
our servers, and have run into a snag: security information on WinNT, Unix,
Oracle, etc. is quite easy to find, but I am struggling to find anything
good on SAP R/3. Most of the stuff is very vague, or refers to securing
network transmissions against eavesdropping.

Anyone have any real information on SAP security, especially weaknesses? :-)

I found this some time ago, the content seems to move on and off to
different sites. A good opportunity to save it to HD...

http://www.hoelzner.de/security/sap-os.html

The text is German, but mentions a "SAP Security Guide", which is hopefully
available in other languages.


cheers,
Rainer
-- 
========================================
 Rainer Duffner , Konstanz, Germany
 eMail:  duffner () fh-konstanz de
       rainer.duffner () surf24 de
http://www-stud.fh-konstanz.de/duffner/
========================================

