SAP Weaknesses can be found if exposed to the Internet, can be exploited through the HTML, SOAP, XML, Java front ends. Some of the SAP modules also do not have inherent security schemes. In fact, many SAP implementations do not implement security since it becomes an undaunting task when various SAP modules are customized. There have been very few reported SAP security vulnerabilities since major organizations do not want to hear that their 1-2 billion investment has some major security vulnerabilities. Each component of SAP is just as vulnerable since implementing SAP requires layering of typically off the shelf hardware and software.

/mark

At 01:28 PM 6/13/2001 +0200, Johann van Duyn wrote:
>Hi there...
>
>I'm planning to run a lightweight internal penetration test against some of
>our servers, and have run into a snag: security information on WinNT, Unix,
>Oracle, etc. is quite easy to find, but I am struggling to find anything
>good on SAP R/3. Most of the stuff is very vague, or refers to securing
>network transmissions against eavesdropping.
>
>Anyone have any real information on SAP security, especially weaknesses?
>:-)
>
>Thanks!
>
>Johann
>
>
>
>Confidentiality Notice: The information in this document and
>attachments is confidential and may also be legally privileged.
>It is intended only for the use of the named recipient. Internet
>communications are not secure and therefore British American
>Tobacco does not accept legal responsibility for the contents of
>this message. If you are not the intended recipient, please notify us
>immediately and then delete this document. Do not disclose the
>contents of this document to any other person, nor take any copies.
>Violation of this notice may be unlawful.

This archive was generated by hypermail 2b30 : Wed Jun 13 2001 - 09:07:54 PDT