Re: SAP Security

From: mhtat_private
Date: Wed Jun 13 2001 - 09:04:59 PDT


    SAP weaknesses can be found if exposed to the Internet, and can be exploited 
    through the HTML, SOAP, XML, Java front ends.  Some of the SAP modules also 
    do not have inherent security schemes. In fact, many SAP implementations 
    do not implement security since it becomes a daunting task when various 
    SAP modules are customized.  There have been very few reported SAP security 
    vulnerabilities since major organizations do not want to hear that their 
    1-2 billion investment has some major security vulnerabilities.  Each 
    component of SAP is just as vulnerable since implementing SAP requires 
    layering of typically off-the-shelf hardware and software.
    
    /mark
    
    At 01:28 PM 6/13/2001 +0200, Johann van Duyn wrote:
    >Hi there...
    >
    >I'm planning to run a lightweight internal penetration test against some of
    >our servers, and have run into a snag: security information on WinNT, Unix,
    >Oracle, etc. is quite easy to find, but I am struggling to find anything
    >good on SAP R/3. Most of the stuff is very vague, or refers to securing
    >network transmissions against eavesdropping.
    >
    >Anyone have any real information on SAP security, especially weaknesses?
    >:-)
    >
    >Thanks!
    >
    >Johann
    



    This archive was generated by hypermail 2b30 : Wed Jun 13 2001 - 09:07:54 PDT