[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] [Onapsis Research Labs] New SAP Security In-Depth issue: "Preventing Cyber-Attacks Against SAP Solution Manager"

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] [Onapsis Research Labs] New SAP Security In-Depth issue: "Preventing Cyber-Attacks Against SAP Solution Manager"
From: Onapsis Research Labs <research@xxxxxxxxxxx>
Date: Wed, 04 Sep 2013 18:48:50 -0300

Dear colleague,

We are happy to announce a new issue of the Onapsis SAP Security In-Depth 
publication.

SAP Security In-Depth is a free publication led by the Onapsis Research Labs 
with the purpose of providing specialized
information about the current and future risks in this area, allowing all the 
different actors (financial managers,
information security managers, SAP administrators, auditors, consultants and 
others) to better understand the involved
risks and the techniques and tools available to assess and mitigate them.

In this edition: "Preventing Cyber-Attacks Against SAP Solution Manager", by 
Nahuel Sanchez and Juan Perez-Etchegoyen.
------
By design the SAP Solution Manager is connected to all SAP systems (i.e. ERP, 
CRM, BI, etc), making it a critical
component of any SAP implementation: if successfully exploited by an attacker, 
all the satellite SAP environments, and
therefore their business information, can be ultimately compromised.

Despite its relevance, common IT security practices have traditionally 
overlooked this component, resulting in many
insecure implementations. This issue presents key security concepts about the 
Solution Manager, introduces an in-depth
analysis of critical cyber-threats affecting it and, more importantly, outlines 
a list of mitigation techniques and
countermeasures to protect SAP Solution Manager implementations.

By understanding and leveraging this information, SAP and Information Security 
professionals can increase the overall
security level of their company's SAP platform, better protecting their 
organization's business-critical information.

------

The full publication can be downloaded from 
http://www.onapsis.com/resources/get.php?resid=ssid07

We hope you enjoy this new issue!

Kindest regards,


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] [Security-news] PSA-2013-001: Drupal core - Users can insert hidden text and links
Next by Date: [Full-disclosure] [SECURITY] [DSA 2751-1] libmodplug security update
Previous by thread: [Full-disclosure] [Security-news] PSA-2013-001: Drupal core - Users can insert hidden text and links
Next by thread: [Full-disclosure] [SECURITY] [DSA 2751-1] libmodplug security update
Index(es):
- Date
- Thread