Leading SAP AG partner in discovering and solving security vulnerabilities                             What is DSecRG?          

About

ERPScan have it's own research center focused on ERP and SAP security.

Mission

The primary mission of ERPScan Research is to conduct researches of business critical systems such as ERP, CRM, SRM, BI and others developed by SAP and other vendors. The result of this work is then integrated in the ERPScan security scanner. Being on the cutting edge of ERP and SAP security ERPScan research helps to improve a quality of ERPScan consulting services and protects you from the latest threads.

Research

Results of research in ERP security area are published on this site in form of Advisories, Whitepapers and blog entries.

Public work

Our experts are frequent speakers in prime International conferences held in USA, EUROPE, CEMEA and ASIA such as BlackHat, HITB, HackerHalted, SourceBarcelona, Deepsec, Confedence, Troopers, T2, SecurityByte, Infosecurity.

Acknowledgements

ERPScan researchers gain multiple acknowledgements from biggest software vendors like SAP, Oracle, IBM, VMware, Adobe, HP, Kasperskiy, Apache, Alcatel and others for founding vulnerabilities in their solutions.

"The SAP Product Security Response Team thanks all researchers and security IT professionals that helped with discovering and solving security vulnerabilities. Their findings have helped SAP to maintain the security and safety of its customers and partners SAP systems.

Our acknowledgements page lists those professionals we have worked with successfully in the past. We thank all security researchers for their excellent work and hope to continue the fruitful relationship between security professionals and SAP. "

SAP
Source

"The following people or organizations discovered and brought security vulnerabilities addressed by this Critical Patch Update to Oracle's attention: Alexander Polyakov of DSecRG, Alexey Sintsov of DSecRG, Dmitriy Evdokomov of DSecRG."

ORACLE
Source

"Oracle provides recognition to people that have contributed to our Security-In-Depth program (see FAQ). People are recognized for Security-In-Depth contributions if they provide information, observations or suggestions pertaining to security vulnerability issues that result in significant modification of Oracle code or documentation in future releases For this Critical Patch Update, Oracle recognizes Alexandr Polyakov of DSecRG for contributions to Oracle's Security-In-Depth program."

ORACLE
Source

"VMware would like to thank Alexey Sintsov from Digital Security Research Group [DSecRG] for reporting this issue to us. The issue is identifed as DSECRG-09-058 by Digital Security Research Group."

VMWare
Source

"The Hewlett-Packard Company thanks Digital Security Research Group (dsecrg.com) for reporting these vulnerabilities to security-alert@hp.com."

HP

Other references: http://dsecrg.com/pages/about/references/

Management

The head of ERPScan is Alexander Polyakov who is also the CTO of ERPSCAN. He, being the expert of enterprise applications and database security, found a lot of vulnerabilities in the products of such vendors as SAP, Oracle and many others. Alexander wrote multiple whitepapers about enterprise application security. He is the author of book "Oracle Security from the Eye of the auditor: Attack and Defense".

Policy

ERPScan is committed to the principles of full disclosure, while the collaboration with software vendors and vulnerability publishing is carried out in accordance with it's own policy.