Thursday, September 3, 2009

SAP Security - Attacking SAP Clients

http://milw0rm.com/papers/380

Business application security is one of the most important tasks in the complex process of information security. Today SAP is the most widespread platform for managing enterprise systems and storing the most critical data.

Nonetheless, people still pay little attention to the technical side of SAP security. There are some well-known problems concerning access control, the SoD matrix and perhaps SAP router security. But there are also many problems at every level of an SAP system: the network level, operating system level, database level, application level and presentation level, i.e. SAP clients.

As for SAP server security, you can get some information from the Cybsec presentations at Black Hat 2007 and Black Hat 2009, where you can see how insecure SAP servers and the RFC protocol are.

But there is still very little information about SAP client security, which can be the weak point in your company even if it has a secure SAP server environment.

In this article I will talk about basic problems in SAP client security. It describes basic attacks on SAP clients that can be exploited from the corporate network and even from a public network, gaining access to the corporate network and users' workstations, which is one step closer to the SAP servers and critical business data.
