August 2015 Blog Posts (15)

Securing SAP Systems from XSS vulnerabilities Part 4: Defense for SAP HANA XS

Today’s post is the last in the series of articles about XSS vulnerabilities in SAP systems. The previous parts describe how to prevent XSS in SAP NetWeaver ABAP and SAP NetWeaver J2EE.

XSS is one of the most popular vulnerabilities and its effect can range from a petty nuisance to a significant security risk, depending on the sensitivity of the data. In SAP products, 628 XSS vulnerabilities were discovered that is almost 22%…


Added by Alexander Polyakov on August 25, 2015 at 5:48pm — No Comments

Securing SAP Systems from XSS vulnerabilities Part 3: Defense for SAP NetWeaver J2EE

From the developer’s perspective

For AS Java, the encoding functions ship in tc_sec_csi.jar. It provides a static class and an interface with encoders for HTML/XML, JavaScript, CSS and URL contexts. The methods of the public class StringUtils (com.sap.security.core.server.csi.util.StringUtils) are also available:

  • escapeScriptEndTag(String pStr) - Prepare a string to be used for a JavaScript…

Added by Alexander Polyakov on August 25, 2015 at 5:47pm — No Comments

Securing SAP Systems from XSS vulnerabilities Part 2: Defense for SAP NetWeaver ABAP

We continue our series of posts reviewing one of the most frequent vulnerabilities affecting many SAP modules: cross-site scripting, or XSS. Today's post describes how to protect SAP NetWeaver ABAP from XSS.

From the developer’s perspective

For all generic Web applications where you accept input parameters, you must use encoding methods provided by the ICF handler. The implementation of the encoding is…


Added by Alexander Polyakov on August 25, 2015 at 5:46pm — No Comments

PeopleSoft Security Part 1: Overview of architecture

Oracle PeopleSoft applications are quite complex and consist of many components, and so is their security. While there is almost no public research on PeopleSoft security, successful attacks against such systems happen from time to time. That's why we decided to start a series of articles about some aspects of PS security.

These applications are designed to address the most complex business requirements. They…


Added by Alexander Polyakov on August 24, 2015 at 6:44pm — No Comments

Oracle Security: Researchers' response to the post by Oracle CSO Mary Ann Davidson

Hello, dear readers! Today I would like to talk about Oracle Security.

On August 11, Mary Ann Davidson, Oracle's CSO, published an incredibly shocking post about security researchers which was promptly deleted (either by herself or by somebody else). The post was discussed by multiple resources such as…


Added by Alexander Polyakov on August 24, 2015 at 6:38pm — No Comments

Chevening Cyber Security Scholarship


Please cascade to your teams. Tata Consultancy Services (BSE: 532540, NSE: TCS), the leading IT services, consulting and business solutions organization, is a partner of the Foreign & Commonwealth Office (FCO) of the UK Government and has created the Chevening-TCS Scholarship on Cyber Policy for professionals in diverse fields from India. This is the…


Added by Kinshuk De on August 21, 2015 at 6:40pm — No Comments

Ponemon Report: Cost of Data Breach in India, 2015

This year’s study examines the costs incurred by 36 Indian companies in 12 industry sectors after those companies experienced the loss or theft of protected personal data and then had to notify breach victims and/or regulators as required by laws and business…


Added by CISO Platform on August 20, 2015 at 10:30pm — No Comments

Major components of IT GRC solutions

Governance, Risk and Compliance is sometimes a managerial step and sometimes a mandatory step to adhere to regulations and maintain compliant systems. It is widely used to support Risk Management.

Some of the major components of IT GRC are:

  1. IT Policy Management
  2. IT Risk Management
  3. Compliance Management
  4. Threat & Vulnerability Management
  5. Vendor Risk Management
  6. Incident…

Added by pritha on August 18, 2015 at 4:30pm — No Comments

Critical Platform Capabilities For IT GRC Solution

The intent of using IT Governance Risk Compliance (IT GRC) tools and capabilities is to report and manage IT Risks. We will study the critical platform capabilities for IT GRC Tools.

Critical Platform Capabilities In IT GRC…


Added by pritha on August 18, 2015 at 4:30pm — No Comments

Bad USB Defense Strategies

What Is Bad USB?

The phenomenon of using USB devices for malicious purposes can be termed Bad USB. USB thumb drives are among the last things considered as a source of malicious intent. However, if manipulated, they can take over almost everything.

Some interesting demonstrations have been done at the Black Hat conference by two highly regarded security researchers.

( …


Added by pritha on August 18, 2015 at 4:30pm — No Comments

Free Resources For Kickstarting Your IT-GRC Program

Free/Open-source Tools:


Added by pritha on August 18, 2015 at 1:00pm — No Comments

Curated List of Application Security Essentials

Today, while working on GitHub, I landed upon an amazing curated list of information on Application Security, covering from fundamentals to programming. The most amazing part was the live demonstration of hacking a website.

Do check this out: https://github.com/paragonie/awesome-appsec

Added by Deepak Panigrahy on August 17, 2015 at 4:08pm — No Comments

SAP Security Notes August 2015

SAP has released the monthly critical patch update for August 2015. This patch update closes 22 vulnerabilities in SAP products, 15 of which have high priority; some of them belong to the SAP HANA security area. The most common vulnerability type is Cross Site Scripting (XSS). This month, three critical vulnerabilities found by ERPScan researchers Dmitry…


Added by Alexander Polyakov on August 13, 2015 at 2:31pm — No Comments

SAP Security for CISOs. Part one: How I started my SAP journey

Hello, dear readers. Recently we finished our series of articles on how to secure SAP systems from XSS vulnerabilities. Given the great success of the previous series, I decided to launch another series of articles called "SAP Security for CISOs". However, you don't need to be a CISO to benefit from reading these…


Added by Alexander Polyakov on August 5, 2015 at 11:17pm — No Comments

Car recalls and sabotage attacks against MES systems

No doubt you have heard about Chrysler's recall of affected cars, as it appeared in all the top media. You'll be even more surprised if you see how many recalls have happened because of technical issues in recent months. But there is something we may miss beyond the headlines: some important potential sabotage vectors may be used, or are even being used now, to increase these…


Added by Alexander Polyakov on August 4, 2015 at 4:31pm — No Comments
