Re: [PEN-TEST] SAP tools

From: pete (peteat_private)
Date: Mon Apr 16 2001 - 09:37:32 PDT

Next message: bacano: "Re: [PEN-TEST] SAP tools"

Previous message: Fernando Cardoso: "[PEN-TEST] SAP tools"
In reply to: Fernando Cardoso: "[PEN-TEST] SAP tools"
Next in thread: bacano: "Re: [PEN-TEST] SAP tools"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I'm not aware of any SAP specific tools for external pen tests but you need
to be aware of the problems with SAP routers and SAP Marketplaces.  Do some
research on the use of the SAP RFC protocol which responds to certain ports
on TCP/IP.  You may also want to investigate the xml coding they use for B2B
communication in the Business Connector.

-pete.
peteat_private
The only Open Source Security Testing Methodology Manual available at
http://www.ideahamster.org/.

-----Original Message-----
From: Penetration Testers [mailto:PEN-TESTat_private]On Behalf
Of Fernando Cardoso
Sent: Monday, 16 April, 2001 15:59
To: PEN-TESTat_private
Subject: [PEN-TEST] SAP tools


Hi all

Just wondering if someone is aware of tools for auditing SAP R/3 and
MySAP.com? I'll probably will be involved in a audit of such systems and,
besides the usual pen-test tools for the OS, I would like to try, if there's
such a thing, SAP security related tools.

TIA

Fernando

--
Fernando Cardoso - Security Consultant       WhatEverNet Computing, S.A.
Phone : +351 21 7994200                      Praca de Alvalade, 6 - Piso 6
Fax   : +351 21 7994242                      1700-036 Lisboa - Portugal
email : fernando.cardosoat_private     http://www.whatevernet.com/


_____________________________________________________________________
                      INTERNET MAIL FOOTER
A presente mensagem pode conter informação considerada confidencial.
Se o receptor desta mensagem não for o destinatário indicado, fica
expressamente proibido de copiar ou endereçar a mensagem a terceiros.
Em tal situação, o receptor deverá destruir a presente mensagem e por
gentileza informar o emissor de tal facto.
---------------------------------------------------------------------
Privileged or confidential information may be contained in this
message. If you are not the addressee indicated in this message, you
may not copy or deliver this message to anyone. In such case, you
should destroy this message and kindly notify the sender by reply
email.
---------------------------------------------------------------------

Next message: bacano: "Re: [PEN-TEST] SAP tools"
Previous message: Fernando Cardoso: "[PEN-TEST] SAP tools"
In reply to: Fernando Cardoso: "[PEN-TEST] SAP tools"
Next in thread: bacano: "Re: [PEN-TEST] SAP tools"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Apr 16 2001 - 09:44:33 PDT