SAP Enterprise Portal is one of the building blocks in the SAP NetWeaver architecture. The Portal is highly customizable, with features like Internationalization, Personalization, Cross-system integration, User permissions, Authorization policies, Server unification, Knowledge Management and, one of my favorites, Collaboration.
Registered users are authenticated through various security checkpoints and are offered a single point of access to information and various integrated enterprise applications. The role-based content and personalization capabilities enable you to focus specifically on the information relevant to your daily decision-making processes. SAP Portal has been among the top favorite enterprise portal solutions for quite some time now.
Nevertheless, with great power comes great responsibility. SAP Portal security is still a dark world, with way less information available on the web. Believe me, I have seen the world's top security companies failing in this area and doing too much or too little to fix the generally known security issues.
In this series of blog posts, I will be focusing more on core SAP security, Portal, NetWeaver and some other topics like XSS, so keep watching this space.
What am I cooking:
(Recently reported SAP Portal vulnerabilities to CA)
(Recently found XSS vulnerabilities on NASA and reported to SECUNIA)


