Penetration Testing mailing list archives
Re: Pen-Testing SAP
From: Andrew Johns <Andrew.Johns () haley com>
Date: Thu, 1 Jan 2009 13:00:57 +1100
From experience it pays to examine the db config well - it used to be the case that e.g. JD Edwards installed Oracle silently during the install with a known password - ChangeOnInstall - for the sysdba a/c. Thereby leaving the db wide open to abuse...

All too many sites do not have qualified Oracle DBAs and so the password is never/rarely changed.

YMMV

----- Original Message -----
From: listbounce () securityfocus com <listbounce () securityfocus com>
To: pen-test () securityfocus com <pen-test () securityfocus com>
Sent: Wed Dec 31 18:09:17 2008
Subject: Pen-Testing SAP

Hi,

Lemme wish the members of this list a "Happy New Year" for 2009.

I was wondering about the security of packaged solutions like SAP, Siebel & PeopleSoft with regards to pentesting them. Are there any specific tests for these packages, apart from the generic set of pentests which we do on normal web applications?

Please let me know if there is any information in line to the above request.

Cheers
Mahendra.