SAP Security: attacking SAP clients


In this whitepaper I discuss the basic problems in SAP client security. It describes the basic attacks on SAP clients, which can be carried out from the corporate network and even from a public network, giving the attacker access to the corporate network and to a user's workstation, which is one step closer to the SAP servers and critical business data.

Author: Alexander Polyakov

Business application security is one of the most important tasks in a complex information security process. Today SAP is the most widespread platform for managing enterprise systems and storing the most critical data. Nonetheless, people still pay little attention to the technical side of SAP security. There are some well-known problems concerning access control, the SoD matrix and probably SAP router security. But there are also many problems at every level of an SAP system: the network level, operating system level, database level, application level and presentation level, i.e. SAP clients. As for SAP server security, you can get some information from the Cybsec presentations at BlackHat 2007 and BlackHat 2009, which show how insecure SAP servers and the RFC protocol are. But there is still very little information about SAP client security, which can be the weak point in your company even if it has a secure SAP server environment.

Whitepaper (PDF): SAP Security – attacking SAP clients: /wp-content/uploads/2009/09/SAP-Security-Attacking-SAP-clients.pdf