A Simple Method for Fingerprinting SAP BusinessObjects
The main component of a BusinessObjects installation is the Central Management Server (CMS). It’s rarely changed and its default TCP port is 6400. A simple way to identify if you are communicating with a...
Don’t be hoisted by your own petard
In the closing stages of Victor Hugo’s Les Misérables the chief character, Jean Valjean, while carrying another key character seeks to evade the authorities. He does so by traveling through the sewers...
Analyzing SAP Security Notes January 2014 Edition
SAP is a complex and ever evolving implementation; whether that is through changes introduced to your SAP implementation to better serve the business or the newly disclosed vulnerabilities targeting...
Security Geeks Introduction to SAP – RFC Destinations
By way of background, I have been in the security field, specifically the pro-active testing (penetration testing) side of security, for over a decade. As part of my role I would present at public...
Analyzing SAP Security Notes February 2014 Edition
SAP is a complex and ever changing system, whether because of changes introduced to your SAP implementation to better suit your business or applying Security Notes (Patches) to ensure that newly...
Securing Your SAP Through Research
In the latest Notes Tuesday Onapsis was credited with discovering and reporting almost half (10 out of 23) of the vulnerabilities addressed by SAP (or alternatively three quarters or one third,...
SAP Application Users: You can finally sleep at night!
Guest post from: Pete Nicoletti, CISO, Virtustream. As an SAP user, you’re well aware of and are enjoying the benefits of the world's best ERP system. The information that you create and use contributes...
Leveraging the Security Audit Log (SAL)
Hi! Today I was reviewing some events generated for the Security Audit Log and noticed an interesting behavior. For those who are not familiar with it, the Security Audit Log (SAL) allows SAP security...
Analyzing SAP Security Notes September 2014 Edition
SAP is a complex and ever changing system, whether because of changes introduced to your SAP implementation to better suit your business or through the application of Security Notes (Patches) to ensure...
Analyzing SAP Security Notes October 2014 Edition
UPDATE (November 4, 2014): Note 2043404 has been rereleased with an updated priority. The priority was increased from medium to very high. The new CVSS for this Note is 9.3 (AV:N/AC:M/AU:N/C:C/I:C/A:C)...
Analyzing SAP Security Notes November 2014
SAP is a complex and ever changing system, whether because of changes introduced to your SAP implementation to better suit your business or through the application of Security Notes (Patches) to ensure...
Analyzing SAP Security Notes December 2014 Edition
High-profile risk threats identified by Onapsis Research Labs experts reveal that unauthorized users could access business-critical applications leveraging SAP BusinessObjects. SAP is a complex and...
Analyzing SAP Security Notes January 2015 Edition
NEW NOTE (January 21, 2015): Note 2120370 has been released after the official SAP post of January 12th. The note extends the security note 2001109, covering further affected releases (BI 4.1 SP04...
Analyzing SAP Security Notes February 2015 Edition
SAP is a complex and ever changing system, whether because of changes introduced to SAP implementation to better suit the business, or through the application of Security Notes (Patches) to ensure that...
Analyzing SAP Security Notes March 2015 Edition
SAP is a complex and ever changing system, whether because of changes introduced to your SAP implementation to better suit your business, or through the application of Security Notes (Patches) to...
The Evolving SAP Cyber-Security Landscape
Stephen Higgins, Senior Vice President of Customer Experience, Services and Solutions at Onapsis. $1.3 billion lost an hour! This is what one of our global customers estimates is the impact to their...
Analyzing SAP Security Notes April 2015 Edition
SAP is a complex and ever changing system, whether because of changes introduced to your SAP implementation to better suit your business, or through the application of Security Notes (Patches) to...
Chinese most likely using one of top three most common SAP exploits, as...
The Hill publication reported on November 3, 2014 that Chinese hackers roamed around unnoticed for months inside the network of USIS, the biggest commercial provider of background investigations to...