SAP Portal

SAP Security Notes December 2013 – Review

SAP

SAP has released the monthly critical patch update for December 2013. This patch update closes a lot of vulnerabilities in SAP products. This month, three critical vulnerabilities found by ERPScan researchers Alexander Polyakov, George Nosenko, Alexey Tyurin, and Nikolay Mescherin were closed.

SAP Security Notes February 2013 – Review

SAP

SAP has released the monthly critical patch update for February 2013. This patch update closes many vulnerabilities in SAP products. This month, two critical vulnerabilities found by ERPScan researchers Dmitry Chastukhin and Nikolay Mescherin were closed.

“Breaking SAP Portal” From HackerHalted 2012

Today, SAP NetWeaver is the most widespread platform for developing enterprise business applications. One of the most critical applications is SAP Portal. Unlike many other systems, SAP Portal is usually available from the Internet because it provides SSO access to other business-critical systems from SAP and other vendors. If a malicious hacker can get unauthorized access to SAP Portal, he can get control over all the other systems located inside the company, even if they are secured by firewalls. We have done numerous security assessments of SAP Portal and found that even critical infrastructure systems like SCADA are sometimes connected to Portal. Also, developers can make custom applications for Portal called iViews, and those have their own problems. In this talk, the security architecture of Portal itself and of custom applications will be reviewed, and a number of new issues will be presented that can give full control over SAP Portal.

Download slides

SAP Security Notes June 2012: focus on espionage

SAP

SAP has released the monthly critical patch update for June 2012. This patch update closes many vulnerabilities in SAP products. This month, 2 vulnerabilities found by ERPScan researchers Alexander Polyakov, Dmitriy Chastukhin, Alexey Tyurin and Alexander Minozhenko were closed. The vulnerabilities affect two popular SAP platforms: SAP Portal and SAP PI, which are usually connected to untrusted networks such as the Internet or a public corporate network. Both vulnerabilities allow unauthorized access to sensitive technical and business-related information stored in a vulnerable SAP system or connected systems. Those vulnerabilities can lead to espionage by competitors.

SAP Security Notes January 2012 – Review

SAP

SAP released the monthly critical patch update for January 2012. This patch update closes many vulnerabilities in SAP products. This month, one critical vulnerability found by ERPScan researchers Alexey Sintsov, Alexander Polyakov and Alexey Tyurin was closed.

SAP Security Notes December 2011 – Review

SAP

SAP released the monthly critical patch update for December 2011. This patch update closes many vulnerabilities in SAP products. Many of those vulnerabilities were found by different experts. As usual, ERPScan researchers Alexander Polyakov, Dmitriy Chastukhin and Alexey Tyurin are among them, with 6 newly found vulnerabilities.