Press Release

Targeted attacks on SAP applications spotlighted at BlackHat

Las Vegas, CA – July 26, 2012 The BlackHat conference, the biggest infosec venue, was the place to show a new example of a targeted attack on SAP systems. Researchers from ERPScan, a company focused on developing security solutions for SAP applications, gave a talk in which they showed a very complex attack on an SAP system that uses multiple exploits, including a 0-day technique called XML tunneling, an example of an SSRF (Server Side Request Forgery) attack.


Adobe web portal is protected by ERPScan

Palo Alto, CA – July 26, 2012 ERPScan employees have received a second acknowledgement from Adobe this quarter. This time, Alexey Sintsov reported an SQL injection in the Adobe web portal. This vulnerability allowed unauthorized access to the contents of a database in the web portal and could possibly lead to sensitive data compromise and consequently a mass media scandal.


ERPScan has conducted a regular meeting with SAP Security Response Team in Walldorf

Palo Alto, CA – July 9, 2012 In June, ERPScan conducted the third regular meeting with the SAP Security Response Team in Walldorf, Germany. The security of SAP architecture was discussed at the meeting. Apart from the official discussion, ERPScan conducted a workshop for SAP specialists about the secure architecture of complex enterprise applications and web services as well as defense from the latest threats.


ERPScan educates German students

Palo Alto, CA – June 1, 2012 On April 24, Alexey Sintsov, head of the information security audit department at ERPScan, conducted a practical workshop at one of the best technical universities in Germany – RUHR, located in Bochum. His speech was supported by a demonstration of vulnerabilities and examples of attacks.


The world SAPocalypse tour came to its end. ERPScan prepares for the next year

Palo Alto, CA – November 18, 2011 At the HITB (Malaysia) and HackerHalted (Miami) conferences, ERPScan specialists demonstrated the concept of an SAP worm that targets SAP systems reachable from the Internet by using a critical vulnerability in the J2EE engine.
The report attracted a lot of attention and was highly appreciated by foreign colleagues. The world tour, devoted to SAP J2EE platform security, is over. Our specialists are now preparing for next year, which will definitely bring new and interesting reports.
