Publications

Browse our knowledge center

Content from 2019

SAP Situation Report 2019

Project “ARSAP” is a semi-automatic mechanism, which main goal was to detect and register all the SAP systems that are exposed to the Internet, extracting the system’s metadata, and cataloging the assets in base of their geo-location, system type, version, installed components and potential risk. (For this last point, it is important to clarify that NO active probes were executed on any of the detected systems. The collected information was obtained, by just analyzing the systems’ metadata)

This knowledge, enabled us to create the first SAP cyber-security situation report, allowing the SAP customers to have a clear and unbiased analysis of the current status of the Internet facing SAP systems in the market.

Check Report

Content from 2018

Volume I - SAP Hash Cracking with John The Ripper

On this first edition of our ERP security magazine, we will be analyzing one of the aspects that most SAP security newcomers struggle with, “How can I evaluate if my SAP end users, are actually using a strong password?”

Believe it or not, most organizations have a common problem, they believe that as Single Sign On is implemented, the domain should handle password security through global security directives, unfortunately, in many cases, configuring Single Sign On in SAP, will do little in terms of preventing an attacker to successfully get plain text passwords.

Join us in our first edition of this ERP security magazine, to know the common pitfalls of SAP password security and how an attacker can crack your SAP hashes even when Single Sign On is activated.

Download