pen-test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: SAP Pen-testing - complexity - first ideas

from [Carl Jongsma] [Permanent Link][Original]
To: Petr.Kazil@eap.nl, PenTest <pen-test@securityfocus.com>
Subject: Re: SAP Pen-testing - complexity - first ideas
From: Carl Jongsma <info@skiifwrald.com>
Date: Sat, 14 Apr 2007 05:35:13 +0930
Delivered-to: sp-com-lists@consult.net
Delivered-to: pentest-list2@consult.net
Delivered-to: mailing list pen-test@securityfocus.com
Delivered-to: moderator for pen-test@securityfocus.com
List-help: <mailto:pen-test-help@securityfocus.com>
List-id: <pen-test.list-id.securityfocus.com>
List-post: <mailto:pen-test@securityfocus.com>
List-subscribe: <mailto:pen-test-subscribe@securityfocus.com>
List-unsubscribe: <mailto:pen-test-unsubscribe@securityfocus.com>
Mailing-list: contact pen-test-help@securityfocus.com; run by ezmlm
Resent-date: Fri, 13 Apr 2007 18:00:07 -0600 (MDT)
Resent-from: pen-test-return-1078483952@securityfocus.com
Resent-message-id: <20070414000007.34B17238A90@outgoing3.securityfocus.com>
Resent-sender: listbounce@securityfocus.com
Sender: listbounce@securityfocus.com 
Hi,
I'm probably a little late to this thread, but I picked it up when a couple of my old advisories were used as examples when discussing SAP pen-testing. In the month since the thread started, there have been some interesting releases in terms of SAP pen-testing, with a set of advisories released based on the findings of an SAP pen-test tool, and the free release of the same tool:
http://www.skiifwrald.com/pipermail/alertmailinglist_skiifwrald.com/ 2007-April/000289.html
In three months time, the researchers who uncovered the vulnerabilities plan to release detailed technical code of the vulnerabilities, which should give everyone else an idea as to how the tool functions (the fact that the RFC library is being targeted does provide some clues). 

Carl

Sûnnet Beskerming Pty. Ltd.
Adelaide, Australia
http://www.beskerming.com



------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • Re: SAP Pen-testing - complexity - first ideas, Carl Jongsma <=
Previous by Date:  Re: Boot floppy, Morning Wood
Next by Date:  Re: windows 2003 server, Nicolas RUFF
Previous by Thread:  Vulnerability - Tracking and Remediation, xelerated
Next by Thread:  Re: windows 2003 server, Nicolas RUFF
Indexes:  [Date] [Thread] [Top] [All Lists]