Emiliano Fausto

Security Researcher

Emiliano is a Security Researcher at the Onapsis Research Labs. He is a systems engineer from the UTN and holds a Master's degree in Information Security from Universidad de Buenos Aires (UBA). His work is focused on the research and development of new technologies to boost innovation into Onapsis products. He is a frequent author of the publication "SAP Security Notes Analysis". He works very close to the engineering teams implementing research prototypes into Onapsis product line.

Missing Authorization Checks – SAP Security Notes September 2016

Today is the second Tuesday of September, which means that SAP has released their monthly batch of Security Notes. SAP published 21 SAP Security Notes this month (6 Notes were published after August the 8th, and did not have any Hot News items. Only four Notes this month were considered to be ‘high priority’ (16 were Medium and 1 was Low).

Two of the four ‘high priority’ SAP Security Notes are related to the product SAP Adaptive Server Enterprise (SAP ASE - http://go.sap.com/product/data-mgmt/sybase-ase.html):

Denial of Service Attacks: SAP Security Notes August 2016

Today, SAP released their latest batch of monthly Security Notes. Despite this month not being specifically critical, Denial of Service attacks are a central point of concern. A Denial of Service (DoS) attack intends to make one or more resource unavailable. In the case of SAP, DoS attacks could be a partial and affect only a specific program or database, or they could be complete, taking all SAP infrastructure offline.