RE: SAP Pen-Test
From: Rob Shein (shoten_at_starpower.net)
Date: 11/02/04
- Previous message: sk3tch_at_sk3tch.net: "RE: TS/3389 risk on Internet"
- In reply to: Sven Tambler: "SAP Pen-Test"
- Next in thread: Marc Heuse: "RE: SAP Pen-Test"
- Reply: Marc Heuse: "RE: SAP Pen-Test"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: <tambler.20.tam@spamgourmet.com>, <pen-test@securityfocus.com> Date: Tue, 2 Nov 2004 08:12:04 -0500
Phenoelit has done some interesting research on this, including the release
of a few exploits for SAP ITS. I can't say I've seen very much else
covering SAP, however. You also might find it interesting to read the
chapter of "Stealing the Network: How to Own a Continent" that was written
by FX; in it, he describes a progressive (albeit extremely skilled) attack
against an SAP system.
> -----Original Message-----
> From: Sven Tambler [mailto:tambler.20.tam@spamgourmet.com]
> Sent: Friday, October 29, 2004 4:42 AM
> To: pen-test@securityfocus.com
> Subject: SAP Pen-Test
>
>
> Hello everyone,
>
> I want to test a SAP Enterprise Portal. Do you know a tool for
> pen-testing a SAP portal? Of course, there are a lot of tools and
> techniques for apache or IIS and you can use them in a similar way.
> Otherwise there are a lot of SAP originalities and
> specialities you have
> to keep in mind. I donīt search for a tool like "nessus for
> SAP" - such
> a thing doesnīt exist - but some advices or plug-ins could be very
> useful. Could you by any chance be able to help?
>
> Thanks - Sven
>
>
>
- Previous message: sk3tch_at_sk3tch.net: "RE: TS/3389 risk on Internet"
- In reply to: Sven Tambler: "SAP Pen-Test"
- Next in thread: Marc Heuse: "RE: SAP Pen-Test"
- Reply: Marc Heuse: "RE: SAP Pen-Test"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
