By Amol Bharti on January 20, 2010
All spool requests created after 2009/12/23 with deletion date exceeding 2010/01/01 are wrongly Y2K’ed as
Posted in SAP Security | Tagged 2100/01/01, Deletion date, expiry date, SP01, spool full, spool overflow
By Amol Bharti on December 31, 2009
This blog lists some of the most important and highly recommended SAP Security Notes. Please consult with a security expert or a basis specialist before implementing these security notes.
Posted in SAP Security | Tagged abap, Bling SQL, Cross Site Scripting, forensic security, missing authorizations, Netweaver, obsolete code, portal security, r/3, SAP Security, SQLi, xss
By Amol Bharti on December 18, 2009
Wow, another fantastic year is about to over and it’s the festive season again. I’d like to take this opportunity to wish everyone a very happy holiday and a good 2010. This blog post is dedicated to my favorite flash authoring application Swish Max3 and miniMax3. If you are looking for some great templates and [...]
Posted in Multi Media | Tagged 2010, favorite blogs, forum posts, Happy New Year, Swish Max3, Swish MiniMax3, swishzone, tutorials, X-mas 2009
By Amol Bharti on November 27, 2009
Given are a few guidelines for any SAP Portal implementation. These are simply based on my personal experience.
Posted in SAP Security | Tagged 0 day exploit, codergeek82, Collaboration Security, exploiting SAP Portal with Google hacking., GRC Security, Hacking SAP Portal, Knoweledge Management, Portal vulnerability, SAP Enterprise Portal Security, SAP Portal Security Guidelines, Secure your SAP Portal, zero day
By Amol Bharti on November 27, 2009
During an SAP Portal Security review, I came across a scenario where HTTPOnly flag in session cookie was not set. Please checkout the recommendation given in this short blog.
Posted in SAP Security | Tagged ethical hacker india, httponly flag in cookie not set, recommendations, sap hacker, sap portal security, SAP Security
By Amol Bharti on November 26, 2009
In my earlier blog, I had promised to cover some of the most critical security issues that you may face sooner or later. So here are some pointers for you to re-evaluate your SAP Portal implementation and fix the significant issues before someone else breaks-in. Here is a POC with some snapshots.
Posted in SAP Security | Tagged 0 day exploit, codergeek82, Collaboration Security, exploiting SAP Portal with Google hacking., GRC Security, Hacking SAP Portal, Knoweledge Management, Portal vulnerability, SAP Enterprise Portal Security, Secure your SAP Portal, zero day
By Amol Bharti on November 26, 2009
In this series of blogs, I will be focusing more on the core SAP security, Portal, Netweaver and some other topics like XSS, So keep watching the space.
Posted in SAP Security | Tagged 0day exploits, back door access, CA, ethical hacker india, forensic, hacking sap, NASA vulnerabilities reported, sap, sap portal vulnerabilities, SAP Security, white hat hackers, zero day
By Amol Bharti on October 21, 2009
Syntel today announced that it has joined the SAP(R) PartnerEdge(TM) program as an SAP services partner in India. The program gives partners access to resources, services and benefits that will help Syntel build and maintain a successful partnership with SAP India, which will help it to optimize business results for clients.
Posted in GRC-S, News & Media | Tagged BusinessObjects partner, GRC Access Controls partners, india, partnership, sap, SAP PartnerEdge Program, sap services partner, syntel
By Amol Bharti on September 18, 2009
Find out what to do when your e-mail is targeted by spammers and Spam filters start framing your e-mail for nothing, you may be black listed for no reasons. I got an automated e-mail from a spam filter blaming for sending bulk messages which I didn’t. So I had to backfire. Checkout the full story. Learn about Sender Policy Framework (SPF Record)
Posted in Network System Security | Tagged a spammer, domain name security, false spam filter results, how to create spf record, idiot spam bot, Sender Policy Framework, spf record, test spf validity, what did ya said
Security
Recent Comments