Penetration Testing mailing list archives
RE: SAP Pen-Test
From: "Rob Shein" <shoten () starpower net>
Date: Tue, 2 Nov 2004 08:12:04 -0500
Phenoelit has done some interesting research on this, including the release of a few exploits for SAP ITS. I can't say I've seen very much else covering SAP, however. You also might find it interesting to read the chapter of "Stealing the Network: How to Own a Continent" that was written by FX; in it, he describes a progressive (albeit extremely skilled) attack against an SAP system.
-----Original Message----- From: Sven Tambler [mailto:tambler.20.tam () spamgourmet com] Sent: Friday, October 29, 2004 4:42 AM To: pen-test () securityfocus com Subject: SAP Pen-Test Hello everyone, I want to test a SAP Enterprise Portal. Do you know a tool for pen-testing a SAP portal? Of course, there are a lot of tools and techniques for apache or IIS and you can use them in a similar way. Otherwise there are a lot of SAP originalities and specialities you have to keep in mind. I don´t search for a tool like "nessus for SAP" - such a thing doesn´t exist - but some advices or plug-ins could be very useful. Could you by any chance be able to help? Thanks - Sven
Current thread:
- SAP Pen-Test Sven Tambler (Nov 01)
- RE: SAP Pen-Test Rob Shein (Nov 03)
- RE: SAP Pen-Test Marc Heuse (Nov 05)
- Re: SAP Pen-Test Nicolas Gregoire (Nov 03)
- Re: SAP Pen-Test Martin Eiszner (Nov 05)
- <Possible follow-ups>
- RE: SAP Pen-Test Todd Towles (Nov 03)
- RE: SAP Pen-Test Nicolas Gregoire (Nov 05)
- RE: SAP Pen-Test Rob Shein (Nov 03)