ERP Database - The Unofficial ERP Knowledge Base

ERP Database contains a huge collection of articles related to ERP System and Software. Many of the articles are specifically related to SAP. All these ERP/SAP articles are freely available to everyone.

If you would like to submit an article or share any document related to ERP or any specific ERP software, please mail it to support@erpdb.info. Please make sure that the documents are not copyrighted.

Exploiting SAP Internals – Security Analysis

Written by admin on Jul 23rd, 2009 | Filed under: Security

SAP security is still a dark world. Very little information can be found on the net, and almost every question about the security assessment of these applications remains unanswered. This paper intends to bring some light into that world by presenting the results of a security analysis performed on the SAP RFC interface implementation.

The SAP RFC interface is the heart of the communication between SAP systems, and between SAP and external software. Almost every system that needs to interact with SAP systems uses the RFC interface. As indicated by SAP: “The RFC Library is the most commonly used and installed in the existing SAP software”.

This document describes the vulnerabilities discovered in the RFC library and their security impact. In addition, advanced attacks that exploit default configuration errors and design flaws in the interface implementation are presented and explained. Finally, beyond describing the attacks and vulnerabilities, it provides solutions and proposed configurations.

Download/view the ebook (1832).
