High-profile risk threats identified by Onapsis Research Labs experts reveal that unauthorized users could access business-critical applications leveraging SAP BusinessObjects.
As most users of SAPGUI know, the application keeps a record of the values that are entered in each field. In the case of having to repeat the same entries multiple times, this is of course a great feature... or maybe not?
Let's analyze this from a security viewpoint. There are two main questions to ask:
Today's post will be focused on analyzing the inner workings of the SAP CODVN H algorithm.
Before jumping into the algorithm's details I will highlight the most important features. For more information you can refer to the SAP security note 991968. The algorithm provides the following capabilities:
Last week we were doing some tests on the HANA XS engine trying to understand how an attacker could bypass the XSS filter provided by the ICM.
There is a lot of discussion in risk management circles on how risks within the value chain can often be ignored. Paul Proctor, Vice President of Research at Gartner, recently presented a webcast titled “Digital Business and the CIO’s Relationship with Risk.” He indicates: