A security scanner for SAP 2.0
Posted on 27 April 2012.
ERPScan has released ERPScan Security Scanner for SAP 2.0 – a complex solution to continuously monitor all areas of SAP security, from vulnerability assessment and misconfigurations to ABAP code review and analysis of business-critical privileges.

One of the most significant changes is a new module which can make static analysis of ABAP code security. It makes ERPScan the only solution on the market which makes both security assessment of platform and code review.

The number of anonymous checks which can be performed in Penetration testing mode ha been significantly increased to help companies identify issues without using credentials in the system.

The new engine can help to perform audit and compliance checks not just through RFC – it allows making complete scan through the web-interface which is a great feature for external penetration tests and can make pen-testers’ lives easier.

More new functions:
  • Support of different web application types (bsp/iviews/jsp/webservices/webdynpro’s)
  • More than 5000 different checks covering misconfigurations, vulnerabilities, access to web-applications; search for 50 different types of vulnerabilities in ABAP code
  • Elaborated black-box vulnerability assessment
  • Cataloguing of SAP systems and services
“Today, almost all critical operations like procurements, stock resources management, human resources management, financial reports and much more, and all the data related to them, are stored in SAP system. This is why the main target for an insider or an external attacker would be to gain illicit access to SAP with the purpose of malicious manipulation of company resources," says Alexander Polyakov, CTO of ERPScan.

"In spite of the increasing popularity of ERP systems security in the security community, companies are still vulnerable to cybercriminal and insider attacks. At this moment SAP has released more than 2000 Security notes closing various vulnerabilities, which is quite a lot, especially if you keep in mind that sometimes it is enough to get access to all business critical data through only one issue. An example was presented at BlackHat last summer. On the other side, almost every company develops custom ABAP code which can also have vulnerabilities and backdoors left by developers”,

“SAP security assessment, according to our experience, usually takes quite a long time. Additionally, the complexity of the system and the large amount of different installation types require the participation of specialists from various fields of security. Even the application server may have either ABAP or Java platform, and they require completely different specialists, not to mention particular applications and modules. ERPScan allows you to significantly simplify the task of assessment by automating most of the ordinary checks, so you can pay more attention to the analysis of the customized part”, he concludes.





Spotlight

How to talk infosec with kids

Posted on 17 September 2014.  |  It's never too early to talk infosec with kids: you simply need the right story. In fact, as cyber professionals it’s our duty to teach ALL the kids in our life about technology. If we are to make an impact, we must remember that children needed to be taught about technology on their terms.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Sep 19th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //