[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Onapsis Research Labs: SAP Security In-Depth Vol. II

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] Onapsis Research Labs: SAP Security In-Depth Vol. II
From: Onapsis Research Labs <research@xxxxxxxxxxx>
Date: Wed, 24 Mar 2010 17:20:42 -0300

Dear colleague,

We would like to announce the second release of the Onapsis' SAP Security 
In-Depth publication.

SAP Security In-Depth is a free technical publication leaded by the Onapsis 
Research Labs with the purpose of providing specialized information about
the current and future risks in the SAP security field, allowing all the 
different actors (financial managers, information security managers, SAP
administrators, auditors, consultants and the general professional community) 
to better understand the involved risks and the techniques and tools
available to assess and mitigate them.

In this edition: "SAP Knowledge Management - The risks of sharing", by Jordan 
Santarsieri.

"SAP Knowledge Management (SAP KM) is a central component of SAP Enterprise 
Portal, enabling the sharing of information extracted from
different data sources of the Organization in a single access point. Employees, 
customers, vendors and business partners use this platform to
interact with the data provided by the company in order to suit their different 
business requirements. This business information, available in
SAP KM, can be highly sensitive and its non-authorized access and/or 
manipulation imply high risks for any company.

Our experience in this field indicates that due of the lack of proper 
access-control implementations, combined with default and permissive
policies, many organizations can be exposing sensitive information through SAP 
Enterprise Portal to non-authorized parties.

This volume analyses in detail some of the risks that affect the security of 
SAP Knowledge Management and presents possible solutions in
order to mitigate them, allowing you to increase the security level of your SAP 
Enterprise Portal installation."


The full publication can be downloaded from 
http://www.onapsis.com/resources/get.php?resid=ssid02

Best regards,

--------------------------------------------
The Onapsis Research Labs Team

Onapsis S.R.L
Email: research@xxxxxxxxxxx
Web: www.onapsis.com
PGP: http://www.onapsis.com/pgp/research.asc
--------------------------------------------

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: Re: [Full-disclosure] Administrivia: An Experiment
Next by Date: [Full-disclosure] Vulnerabilities in WeBAM
Previous by thread: [Full-disclosure] /tmp symlink file clobbering with Solaris Update Manager
Next by thread: [Full-disclosure] Vulnerabilities in WeBAM
Index(es):
- Date
- Thread