ERP Database - The Unofficial ERP Knowledge Base


Exploiting SAP Internals

Written by admin on Dec 15th, 2008 | Filed under: Basis

A Security Analysis of the RFC Interface Implementation

SAP security is still a dark world. Very little information can be found on the Net, and almost every question related to the security assessment of these applications remains unanswered. This paper aims to bring some light into that world by providing the results of a security analysis performed on the SAP RFC interface implementation.

The SAP RFC interface is the heart of communications between SAP systems, and between SAP and external software. Almost every system that wants to interact with SAP systems does so using the RFC interface. As stated by SAP: “The RFC library is the most commonly used and installed component of existing SAP software”.

This paper describes vulnerabilities discovered in the RFC Library and their security impact. Furthermore, advanced attacks that exploit default misconfigurations and design flaws in the interface implementation are presented and explained. Finally, it provides solutions and suggested configurations to protect against the described attacks and vulnerabilities.
