In this section you will find different resources that would help you better understand the security of business-critical solutions. If you need further information, feel free to contact the Onapsis Research Labs at research@onapsis.com.

Free Solutions

In this section you will find different solutions developed by the Onapsis Research Labs that are provided free-of-charge to the general community.

• Onapsis Bizploit
Bizploit is the first Opensource ERP Penetration Testing framework. Developed by the Onapsis Research Labs, Bizploit assists security professionals in the discovery, exploration, vulnerability assessment and exploitation phases of specialized ERP Penetration Tests.
Currently, Bizploit is shipped with many plugins to assess the security of SAP business platforms. Plugins for other popular ERPs will be included in the short term.

Download Bizploit v1.00-rc1 for Windows
Download Bizploit v1.00-rc1 for Linux
• Onapsis Integrity Analizer for SAP
This solution was developed to help SAP's customers protect their systems from unauthorized modifications of ABAP programs in their SAP platforms.
If undetected, these modifications can be used to inject Backdoors in an SAP system, which would enable attackers to manipulate critical business processes and steal sensitive information remotely.

The software is undergoing the final beta-testing phase and will be released soon.

SAP Security In-Depth Publication

SAP Security In-Depth is a periodic publication which delves into innovative security aspects of SAP business solutions. In each release, a different subject is analyzed from an objective perspective, reviewing and presenting a comprehensive assessment of the involved risks for the critical business information and the different mitigation strategies that would allow corporations to protect themselves from financial frauds and other information security attacks.

The following volumes are already available for free download:

• 2010-03-23 - Volume II: SAP Knowledge Management - The risks of sharing
• 2009-11-25 - Volume I: The risks of downwards compatibility

Security Advisories

The Onapsis Research Labs is continuously researching in the security of different business-critical solutions in order to better understand the involved risks and provide our customers with novel and high quality information to protect and assess their business technological environments. This research is also shared with the community, in the form of security advisories that describe the detected vulnerabilities.

• 2010-07-13 - ONAPSIS-2010-006: SAP J2EE Web Services Navigator Cross-Site Scripting
By exploiting this vulnerability, an internal or external attacker would be able perform attacks on the Organization's users through weaknesses in the SAP system.
Upon a successful exploitation, he would be able to obtain sensitive information from legitimate users through social engineering attacks and/or exploit vulnerabilities in their systems in order to take control of them.
• 2010-06-16 - ONAPSIS-2010-005: SAP J2EE Telnet Administration Security Check Bypass
By exploiting this vulnerability, an internal or external attacker would be able to retrieve sensitive technical information from the SAP J2EE system.
This information can be used to replay authentication credentials and perform sensitive operations over the SAP landscape, possibly taking remote control of the affected systems.
• 2010-02-10 - ONAPSIS-2010-004: SAP J2EE Authentication Phishing Vector
By exploiting this vulnerability, an internal or external attacker would be able perform attacks on the Organization's users through weaknesses in the SAP system.
An attacker would send specially crafted emails to users of the Organization's SAP system. After they have been successfully authenticated by the application, they would be redirected to an attacker's controlled web site where he would be able to perform different attacks over their systems and/or trick them into providing sensitive information.
• 2010-02-10 - ONAPSIS-2010-003: SAP WebDynpro Runtime XSS/CSS Injection
By exploiting this vulnerability, an internal or external attacker would be able perform attacks on the Organization's users through weaknesses in the SAP system.
Upon a successful exploitation, he would be able to obtain sensitive information from legitimate users through complex social engineering attacks and/or exploit vulnerabilities in their systems in order to take control of them.
• 2010-02-10 - ONAPSIS-2010-002: SAP J2EE Engine MDB Path Traversal
By exploiting this vulnerability, an internal or external attacker would be able to access arbitrary files located in the SAP Server file-system.
With this access, he would be able to obtain sensitive technical and business related information stored in the vulnerable SAP system.
• 2010-01-19 - ONAPSIS-2010-001: SAP WebAS Integrated ITS Remote Code Execution
By exploiting this vulnerability, an internal or external attacker would be able execute arbitrary remote commands over vulnerable SAP Web Application Servers, taking complete control of the SAP system.
With these privileges, he would be able to obtain, create, modify and/or delete any business related information stored in the vulnerable SAP system.

Security Conferences Presentations

Because of their recognized research work, the Onapsis Research Labs experts are continuously invited to hold presentations in the most outstanding Information Security Conferences in the world.

The following presentations can be downloaded:

• 2010-04-14 - SAP Backdoors: A ghost at the heart of your business (BlackHat Europe)
• 2009-10-23 - Penetration Testing SAP Systems (Seacure.it)