SAP Pen Testing

From: Yvan Boily (yboily@seccuris.com)
Date: Tue Feb 22 2005 - 15:08:10 EST

• Next message: cris_dewitt@hotmail.com: "Re: DB2 - SQL Injection"
• Previous message: Steve Fletcher: "RE: Bypassing NTFS ACL"
• Next in thread: Mailinglisten: "Re: SAP Pen Testing"
• Reply: Mailinglisten: "Re: SAP Pen Testing"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I know there was a previous thread on this topic, however some of the
information provided was not relevent.

In this case I am pentesting the Enterprise Portal; the actual R/3 database
is out of scope for this engagement. The portal is a J2EE application
server. We will also be testing a TREX system that is part of the
environment.

I am going to be running through the typical stuff for most web
applications, as well as some platform specific issues. Anyone know of any
issues or gotchas with SAP?

Regards,
Yvan Boily

• Next message: cris_dewitt@hotmail.com: "Re: DB2 - SQL Injection"
• Previous message: Steve Fletcher: "RE: Bypassing NTFS ACL"
• Next in thread: Mailinglisten: "Re: SAP Pen Testing"
• Reply: Mailinglisten: "Re: SAP Pen Testing"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:17 EDT