Attacking the Giants: Exploiting SAP Internals - Cybsec
Attacking the Giants: Exploiting SAP Internals - Cybsec
Attacking the Giants: Exploiting SAP Internals - Cybsec
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
<strong>Attacking</strong> <strong>the</strong> <strong>Giants</strong>: <strong>Exploiting</strong> <strong>SAP</strong> <strong>Internals</strong><br />
Security Review of <strong>the</strong> RFC Interface...<br />
© 2007<br />
Traffic Analysis<br />
• Information is sent in clear-text by default.<br />
•<strong>SAP</strong> provides SNC (Secure Network Communications) for<br />
encryption of traffic.<br />
•What can we get?<br />
• Logon information.<br />
• Called Function Name.<br />
• Parameters Information and Content.<br />
• Tables Information and Content (may be compressed).<br />
• Client and Server information.<br />
• ...<br />
17