Close

Have questions?

Contact us today.

Subscribe me to your mailing list

SAP xMII Security

Perfect SAP Penetration testing. Part 1: Threat Modeling

Penetration test is a practice of attacking an IT infrastructure to evaluate its security and determine whether malicious actions are possible. Although it’s a typical task, the nature and methodology of a penetration test is largely dependent on the scope, aims, specifics of a client company, and many other factors.

Once ERPScan team was conducting a penetration test in a large manufacturing organization. The task was not so ordinary and easy because the number of systems in the scope was huge and little time was allotted. That’s why it was absolutely necessary to perform Threat Modelling before diving into the process of hacking. Here we decided to describe this case study in detail. This series of articles is intended to explain what SAP Penetration testing is.

The first step of every successful penetration testing is Threat Modelling. At this stage a cybersecurity professional gets understanding of business processes of a typical manufacturing company, identifies the most critical assets and associated risks. The gathered information helps a penetration tester to decide what to focus on. Read more..

Oil and Gas Cyber Security – Questions and answers

At BlackHat Europe, Alexander Polyakov, CTO at ERPScan, and Mathieu Geli delivered a presentation detailing cybersecurity issues and misconfigurations affecting the oil and gas industry. In the interview, they highlighted particular vulnerabilities in SAP and Oracle and described how they can provide a route inside a company.
Read more..