Before proceeding with this methodology some SAP terminologies are to be understood: Client – A client is a 3-digit number that could be understood as a specific customer. This means that all business data within a client is protected from other clients. Each client has its own customer data, which can be considered as the […]
You can read Part 1 here. It may be possible that multiple SAP servers could run across different systems. Identify all the servers before proceeding with the assessment. This is so, as all the SAP servers (could run the different or same set of modules) interact with each other, and compromising one could lead […]
SAP is a software suite that offers standard business solutions; it is used by thousands of customers across the globe to manage their businesses to manage financial, asset, and cost accounting, production operations and materials, personnel, and many more tasks. This blog post provides a methodological overview and a comprehensive approach for SAP penetration testing […]
You can read part-1 (Passive Subdomain Enumeration) here. Active sub-domain enumeration techniques Brute force or Dictionary Attacks Brute force means guessing possible combinations of the target until the expected output is discovered. So, in the subdomain context, the brute-forcing is to try the possible combination of words, alphabets, and numbers before the main domain in […]
What is sub-domain Enumeration? Subdomain enumeration is a process of finding subdomains for one or more domains. Why need sub-domain enumeration? Sub-domain enumeration helps to create a scope of security assessment by revealing domains/sub-domains of a target organization. Sub-domain enumeration increases the chance of finding vulnerabilities. The sub-domain enumeration helps us in finding the web […]
Introduction to DIFC Law No. 5 of 2020 Dubai International Financial Center (DIFC), Dubai’s financial services free zone, has issued a new Data Protection Law (DIFC Law No. 5 of 2020), replacing the current regime. The purpose of this law is to provide enhanced standards and controls for the processing and free movement of personal […]
Syed Sajjad Mehdi
Rishabh Sharma
Swapnil Jariwala