SAP Cyber Threat Intelligence report – May 2018

The SAP threat landscape is always expanding thus putting organizations of all sizes and industries at risk of cyber attacks. The idea behind the monthly SAP Cyber Threat Intelligence report is to provide an insight into the latest SAP security vulnerabilities and threats. Key takeaways This set of SAP Security ... Read More
Blog – ERPScan

Dynamic Code Execution

This short article continues the discussion on the second section of Secure ABAP Development Guide called ‘Critical Calls’. Dynamic code execution in ABAP is possible via ASSIGN, PERFORM or CREATE OBJECT statements. These statements may contain a potentially harmful variable input from variable content leading to full system compromise which ... Read More
Blog – ERPScan
Analyzing Oracle Security – Critical Patch Update for April 2018

Today Oracle has released its quarterly patch update. Oracle warns that if customers fail to apply available patches, attackers become successful in their attempts to maliciously exploit vulnerabilities. April’s CPU fixes a total of 254 security vulnerabilities. The main highlights are listed below. April’s CPU contains 153 vulnerabilities in business-critical ... Read More
Blog – ERPScan
SAP Cyber Threat Intelligence report – April 2018

The SAP threat landscape is always expanding thus putting organizations of all sizes and industries at risk of cyber attacks. The idea behind the monthly SAP Cyber Threat Intelligence report is to provide an insight into the latest security vulnerabilities and threats. Key takeaways This set of SAP Security Notes ... Read More
Blog – ERPScan
SAP S/4HANA history

What is SAP S/4HANA? – Business Introduction

SAP S/4HANA is a shortened version of SAP Business Suite 4 SAP HANA. Basically, it is a new generation of SAP Business Suite. But before we dive into details, let’s start from the beginning. SAP S/4HANA history Where does SAP S/4HANA come from? It is not a secret that business ... Read More
Blog – ERPScan

Oracle EBS Penetration testing tool

Nobody will argue that IT security is vital in our modern world, particularly for businesses. Cybercrime is getting worse and systems become more vulnerable with time, making organizations more susceptible to cyberattacks and financial losses. That’s why the topic of cybercrime demands more attention and cyber-awareness. ERP security is a ... Read More
Blog – ERPScan

Dynamic ABAP Calls

With this article, we start the second section of Secure ABAP Development Guide called ‘Critical Calls’. Not only injection vulnerabilities are able to harm the systems but also some statements in ABAP. In this category, most of them (not all!) are not so severe as injections but the inadvertent operation ... Read More
Blog – ERPScan
How I encrypted your EBS application password

Nowadays, Oracle is widely known as one of the leaders in the production of enterprise software. Among its products, there is Oracle EBS (E-Business Suite), which is a huge ERP system used in various industries, such as Automobile, Aerospace and Defense, Engineering and Construction, Health Sciences, Hospitality, Professional Services, etc ... Read More
Blog – ERPScan
SAP Cyber Threat Intelligence report – March 2018

The SAP threat landscape is always expanding thus putting organizations of all sizes and industries at risk of cyberattacks. The idea behind the monthly SAP Cyber Threat Intelligence report is to provide an insight into the latest security vulnerabilities and threats. Key takeaways The set of SAP Security Notes consists ... Read More
Blog – ERPScan
Adapting hashcat for SAP ‘half hashes’

In this article, you will see how to adapt hashcat to work with SAP ‘half hashes’. Context One crucial aspect of SAP penetration testing is abusing users’ privileges after we got access to their passwords. We often encounter a scenario when the server is an SAP NetWeaver ABAP and the ... Read More
Blog – ERPScan