
A Guide to SAP Exploit in Hakin9 Exploiting Software 01/2013

January 31, 2013



Dear Readers,
The issue you are reading concerns SAP Exploit. It was not easy for us to find authors fluent in the field and to collect the best quality articles that could be published. Still, we tried hard to meet your expectations for the best and most professional content in this month’s Exploiting Software. We want to assure you that the articles, their content and the method of addressing SAP Exploit cannot be found anywhere else but in the issue you are currently looking at. We hope the knowledge you gain from reading Exploiting Software 01/2013 is useful and helps you develop your skills.
We grouped the articles published in the issue into thematic sections. These are called: SAP Tools (the articles by Sergio Abraham, Ezequiel Gutesman, and Alexander Polyakov), SAP Resources (Derick Burton and Can John Guven’s publications) and Methods of Exploitation (in the papers of Moshe Panzer, Rodrigo Salvalagio and Luiz Milagres). The issue closes with the article by Natti Nachamias, who describes the way to protect SAP Systems.

You can buy this issue or buy subscription and get access to all issues on our website.


You can buy this for 14.99 USD


SAP TOOLS
ERP Security: How to Assess SAP® Vulnerability with Open Source and Free Tools?
By Sergio Abraham and Ezequiel Gutesman

SAP application security is becoming a widely adopted practice in the Information Security industry. In this article you will learn how to use an open source tool, which offers a wide range of modules and exploits for assessing the security of these platforms, to perform vulnerability assessments and penetration tests on SAP systems. We will go through several vulnerabilities and attacks on SAP components, starting with an introduction to the overall architecture, passing through SAP application-layer vulnerabilities and, finally, illustrating the possibility of achieving full access over an unsecured system – everything without even having a valid SAP user.

How (IN)Secure is SAP J2EE?
By Alexander Polyakov

It is a well-known fact that it is impossible to create 100% secure software. Software vendors have embraced the hard fact that, even if they were to triple their secure software development resources and efforts, their software would still ship with unknown vulnerabilities, and many of those vulnerabilities would be discovered and exploited. This is particularly true for complex software systems which have millions of lines of code and rely on multiple technologies, from operating systems to programming languages.

SAP RESOURCES
How to Exploit SAP System Users?
By Derick Burton

SAP can often seem daunting and mysterious to those of us not initiated in the arcane mystery that it presents, and for many years the security of SAP systems rested in its obscure nature. However, as any security professional will tell you, security through obscurity is no security at all. In fact it is often worse than having no security because of the false sense of “security” it breeds.
So has been the case with SAP. What was once closed and hidden has been exposed to the harsh light of security researchers and what has been exposed has often been unpleasant.

How important is Master Data in Data Conversion?
By Can John Guven

When I was asked to write an article discussing ERP implementations, I had to give it some thought concerning the stages that will be crucial to any ERP implementation. After spending some time thinking, I came to the conclusion that data conversion and busted data governance would be the key for any of these.

METHODS OF EXPLOITATION
How to Hack SAP®?
Hands-on Methods and Scenarios Based on Xpandion’s Extensive Field Experience
By Moshe Panzer

This article deals with the application security level only, providing explanations and examples pertaining to reducing business risk, protecting your enterprise’s SAP applications and identifying hackers. The article is brought to you by Moshe Panzer, CEO of Xpandion, and is based on the company’s vast experience in revealing, alerting and protecting global enterprises and businesses from fraud and data leakage.
The scenarios and methods described in this article are not mere theoretical ideas, but have been applied successfully in many cases. Hence, the value of reading this guide thoroughly lies in verifying the effectiveness and reliability of the solutions implemented in your organization.

How to Exploit SAP? Fast Track and General Guidelines for Exploitation
By Rodrigo Salvalagio and Luiz Milagres

Undoubtedly, SAP is the main star among the ERP software available on the market. Its modular concept allows business rules to be changed and enables large-scale integration and data consistency across the enterprise. Using ERP to ensure integrated management is a fundamental part of any business, increasing the chances of business perpetuity and operational efficiency. SAP is highly comprehensive, extending to all business units and support areas, from manufacturing to the president or managing committee.

HAKIN9 EXTRA
How to Protect Your SAP Systems?
By Natti Nachamias

SAP products are common among enterprises. SAP’s most common product is Enterprise Resource Planning (ERP), which is one of five enterprise applications in SAP’s Business Suite. The other four products are Customer Relationship Management (CRM), Product Lifecycle Management (PLM), Supply Chain Management (SCM) and Supplier Relationship Management (SRM). SAP has many other complementary products that support SAP’s Business Suite.

Hakin9 Media Sp. z o.o. Sp. komandytowa ul. Postępu 17D, 02-676 Warszawa