A vulnerability discovered by ERPScan specialists, which allows authentication bypass in SAP web applications by manipulating HTTP headers, made the list of the most dangerous threats presented at the recent Black Hat and Defcon, alongside research such as vulnerabilities in Siemens PLCs, machine theft through command emulation over a wireless interface, remote disconnection of insulin pumps, and other no less dangerous hacks.

10 scariest hacks from Black Hat and Defcon

Because of the criticality of the detected vulnerability, ERPScan developed a free utility, ERPScan web.xml checker, which is part of ERPScan Security scanner for SAP. It checks the J2EE security settings of SAP applications for 9 different configuration mistakes, which helps administrators configure the system securely on their own and understand where the weaknesses are.