Penetration Testing mailing list archives

Re: Pen-Testing SAP


From: Andrew Johns <Andrew.Johns () haley com>
Date: Thu, 1 Jan 2009 13:00:57 +1100

From experience it pays to examine the db config well - it used to be the case that e.g. JD Edwards installed Oracle silently during the install with a known password - ChangeOnInstall - for the sysdba a/c. Thereby leaving the db wide open to abuse...

All too many sites do not have the qualified Oracle DBAs and so the password is never/rarely changed. YMMV





----- Original Message -----
From: listbounce () securityfocus com <listbounce () securityfocus com>
To: pen-test () securityfocus com <pen-test () securityfocus com>
Sent: Wed Dec 31 18:09:17 2008
Subject: Pen-Testing SAP

Hi,

Lemme wish to the members of this list a "Happy New Year" for 2009.

I was wondering about the security of packaged solutions like SAP, Siebel & PeopleSoft with regards to pentesting them.
Are there any specific tests for these packages, apart from the generic set of pentests which we do on the normal web applications?

Please let me know if there is any information in line with the above request.

Cheers
Mahendra.

