SAP Java Security

SAP Security Notes February 2013 – Review

SAP

SAP has released the monthly critical patch update for February 2013. This patch update closes many vulnerabilities in SAP products. This month, two critical vulnerabilities found by ERPScan researchers Dmitry Chastukhin and Nikolay Mescherin were closed.

SAP Security Notes December 2011 – Review

SAP

SAP released its monthly critical patch update for December 2011. This patch update closes many vulnerabilities in SAP products. Many of those vulnerabilities were found by different experts. Traditionally, ERPScan researchers Alexander Polyakov, Dmitriy Chastuchin and Alexey Tuyrin are among them, with 6 newly found vulnerabilities.

Architecture and program vulnerabilities in SAP’s J2EE engine

SAP

The whitepaper on which the presentation “A crushing blow at the heart of SAP J2EE Engine” from BlackHat USA 2011 was based.

Today, SAP NetWeaver is the most widespread platform for developing enterprise business applications. This whitepaper focuses on one of its black holes: the SAP J2EE engine.

Some critical SAP products, such as SAP Portal, SAP Mobile, SAP XI and many other applications, are built on the J2EE engine, which is less discussed than the ABAP engine but is also critical. The whitepaper explains the architecture of SAP’s J2EE engine and its internals. It also discusses a number of previously unknown architecture and program vulnerabilities in the J2EE platform, from authentication bypasses, SMB relays, internal scans and information disclosures to invoker servlet bypasses, insecure encryption algorithms and cross-system vulnerabilities.

A crushing blow at the heart of SAP J2EE engine whitepaper

SAP Security Notes June 2011 – Review

SAP

SAP released its monthly critical patch update for June 2011. This patch update closes about 40 vulnerabilities in SAP products. 10 of those vulnerabilities were found by different experts. Traditionally, ERPScan researcher Dmitriy Chastuhin, who found 2 vulnerabilities, is among them.