Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: SAP Pen-testing - complexity - first ideas

from [Carl Jongsma] Network Security [Permanent Link]
Subject: Re: SAP Pen-testing - complexity - first ideas
Date: Sat, 14 Apr 2007 05:35:13 +0930 
Hi,

I'm probably a little late to this thread, but I picked it up when a couple of my old advisories were used as examples when discussing SAP pen-testing. In the month since the thread started, there have been some interesting releases in terms of SAP pen-testing, with a set of advisories released based on the findings of an SAP pen-test tool, and the free release of the same tool:

http://www.skiifwrald.com/pipermail/alertmailinglist_skiifwrald.com/ 2007-April/000289.html

In three months time, the researchers who uncovered the vulnerabilities plan to release detailed technical code of the vulnerabilities, which should give everyone else an idea as to how the tool functions (the fact that the RFC library is being targeted does provide some clues).

Carl

Sûnnet Beskerming Pty. Ltd.
Adelaide, Australia
http://www.beskerming.com



------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------


[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • Re: SAP Pen-testing - complexity - first ideas, Carl Jongsma <=
Previous by Date:  Re: Paros alternative, Frederic Charpentier
Next by Date:  Re: windows 2003 server, Nicolas RUFF
Previous by Thread:  Vulnerability - Tracking and Remediation, xelerated
Next by Thread:  Retrieving Cached Domain Credentials from Vista, Ben Nell
Indexes:  [Date] [Thread] [Top] [All Lists]