Before proceeding with this methodology some SAP terminologies are to be understood: Client – A client is a 3-digit number that could be understood as a specific customer. This means that all business data within a client is protected from other clients. Each client has its own customer data, which can be considered as the […]
You can read Part 1 here. It may be possible that multiple SAP servers could run across different systems. Identify all the servers before proceeding with the assessment. This is so, as all the SAP servers (could run the different or same set of modules) interact with each other, and compromising one could lead […]
SAP is a software suite that offers standard business solutions; it is used by thousands of customers across the globe to manage their businesses to manage financial, asset, and cost accounting, production operations and materials, personnel, and many more tasks. This blog post provides a methodological overview and a comprehensive approach for SAP penetration testing […]
A few months back, I was asked to perform a security assessment of the core banking setup for a bank. The core banking application was hosted on the IBM AS/400 mainframe system As part of my research on the subject, I gathered material related to IBM AS400 (also known as IBM i) and realized that: […]
[Webinar] Change in Red Team Assessment approach post COVID-19 by Shrikant Antre There are remarkable changes happening in the world due to the current pandemic situation. These charges vary from routines, lifestyle, working hours, technologies & cybersecurity landscape. Organisations have started focusing on teleworking (Work-From-Home) models, changes in processes, changes in physical security controls as […]
