Full Disclosure mailing list archives

[Onapsis Research Labs] New SAP Security In-Depth issue: "Our Crown Jewels Online: Attacks on SAP Web Applications"


From: Onapsis Research Labs <research () onapsis com>
Date: Thu, 10 May 2012 20:40:57 -0300

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dear colleague,

We are happy to announce a new issue of the Onapsis SAP Security In-Depth publication.

SAP Security In-Depth is a free publication led by the Onapsis Research Labs with the purpose of providing specialized information about the current and future risks in this area, allowing all the different actors (financial managers, information security managers, SAP administrators, auditors, consultants and others) to better understand the involved risks and the techniques and tools available to assess and mitigate them.

In this edition: "Our Crown Jewels Online: Attacks on SAP Web Applications", by Mariano Nunez.
- ------
"SAP platforms are only accessible internally". While that was true in many organizations more than a decade ago, today, driven by modern business requirements, SAP systems are very often connected to the Internet. This scenario dramatically increases the universe of possible attackers, as malicious parties can remotely try to compromise the organization's SAP platform and perform espionage, sabotage and fraud attacks.

SAP provides different Web technologies, such as the Enterprise Portal, the Internet Communication Manager (ICM) and the Internet Transaction Server (ITS), which may be prone to specific security risks.

This issue analyzes possible attack vectors to SAP Web components and the measures that need to be taken in order to prevent them. This information will enable organizations to better protect their business-critical infrastructure against cyber-attacks performed over Web scenarios.
- ------

The full publication can be downloaded from http://www.onapsis.com/resources/get.php?resid=ssid05

This publication summarizes part of the research and presentations we have held regarding this topic over the last year at the major security conferences.

We are also going to hold two free Webinars with *live demonstrations of the attack vectors described in the publication*, so don't hesitate to join us to go deeper in the technical aspects of these threats and better understand the associated business risks.

        * Tuesday, May 22, 2012 3:00 PM - 4:00 PM CEST - http://bit.ly/K3C30X
        * Wednesday, May 23, 2012 1:00 PM - 2:00 PM EDT - http://bit.ly/KMNWHZ

We hope you enjoy this new issue!

Kindest regards,

- -- 
- -------------------------------
The Onapsis Research Labs Team
Onapsis, Inc.

Email: research () onapsis com
Tel: +1 (650) 288-6696
Web: www.onapsis.com
- -------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk+sUgkACgkQz3i6WNVBcDUf6gCfdp+VExrA8pNuGEL3ShtkNHT/
w20AmwbKp3/aFc0H3vgjRzjF8cb9x7kk
=uI7h
-----END PGP SIGNATURE-----
