Social Network For Security Executives: Network, Learn & Collaborate
Today’s post is the last in the series of articles about XSS vulnerabilities in SAP systems. The previous parts describe how to prevent XSS in SAP NetWeaver ABAP and SAP NetWeaver J2EE.
XSS is one of the most common vulnerabilities, and its impact ranges from a petty nuisance to a significant security risk, depending on the sensitivity of the data. In SAP products, 628 XSS vulnerabilities have been discovered, which is almost 22%…
Added by Alexander Polyakov on August 25, 2015 at 5:48pm
For AS Java, the encoding functions are shipped in tc_sec_csi.jar. It provides a static class and an interface with encoders for the HTML/XML, JavaScript, CSS and URL contexts. The methods of the public class StringUtils (com.sap.security.core.server.csi.util.StringUtils) can also be used:
Added by Alexander Polyakov on August 25, 2015 at 5:47pm
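The point of shipping four separate encoders is that the safe encoding depends on where the untrusted value lands, not on the value itself. The following is an added example, not SAP's tc_sec_csi code and not the StringUtils API: the class and method names (XssEncoders, forHtml, forJsString, forCss, forUrlParam) are this example's own, and the tainted input is constructed. It shows the same four contexts the post lists, with the raw concatenation beside the encoded form.

```java
import java.nio.charset.StandardCharsets;

/**
 * Context-aware output encoding for the four contexts named in the post
 * (HTML/XML text, JavaScript string literal, CSS value, URL query parameter).
 * Added illustration with its own method names; it is not the
 * com.sap.security.core.server.csi.util.StringUtils implementation.
 */
public final class XssEncoders {

    private XssEncoders() {}

    /** HTML/XML element text or a quoted attribute value. */
    public static String forHtml(String in) {
        StringBuilder sb = new StringBuilder(in.length() + 16);
        for (int i = 0; i < in.length(); i++) {
            char c = in.charAt(i);
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#x27;"); break;
                case '/':  sb.append("&#x2F;"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    /** Inside a single- or double-quoted JavaScript string literal. */
    public static String forJsString(String in) {
        StringBuilder sb = new StringBuilder(in.length() + 16);
        for (int i = 0; i < in.length(); i++) {
            char c = in.charAt(i);
            if (isAlnum(c)) {
                sb.append(c);
            } else if (c < 0x80) {
                sb.append(String.format("\\x%02X", (int) c)); // also neutralises "</script>"
            } else {
                sb.append(String.format("\\u%04X", (int) c));
            }
        }
        return sb.toString();
    }

    /** Inside a CSS property value, e.g. style="font-family: ...". */
    public static String forCss(String in) {
        StringBuilder sb = new StringBuilder(in.length() + 16);
        for (int i = 0; i < in.length(); i++) {
            char c = in.charAt(i);
            if (isAlnum(c)) {
                sb.append(c);
            } else {
                sb.append(String.format("\\%X ", (int) c)); // CSS hex escape; the space ends it
            }
        }
        return sb.toString();
    }

    /** A single URL query-string value: percent-encode every non-unreserved UTF-8 byte. */
    public static String forUrlParam(String in) {
        StringBuilder sb = new StringBuilder(in.length() + 16);
        for (byte b : in.getBytes(StandardCharsets.UTF_8)) {
            int v = b & 0xFF;
            if (isUnreserved(v)) {
                sb.append((char) v);
            } else {
                sb.append('%').append(String.format("%02X", v));
            }
        }
        return sb.toString();
    }

    private static boolean isAlnum(char c) {
        return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9');
    }

    private static boolean isUnreserved(int v) {
        return (v >= 'a' && v <= 'z') || (v >= 'A' && v <= 'Z') || (v >= '0' && v <= '9')
            || v == '-' || v == '.' || v == '_' || v == '~';
    }

    public static void main(String[] args) {
        // Constructed attacker input: closes an attribute, closes the tag, injects script.
        String tainted = "\"></a><script>alert(1)</script>";

        // Vulnerable: raw concatenation of the request parameter into the page.
        System.out.println("<p>" + tainted + "</p>");

        // Hardened: the encoder is chosen by the context the value is written into.
        System.out.println("<p>" + forHtml(tainted) + "</p>");
        System.out.println("<script>var q = '" + forJsString(tainted) + "';</script>");
        System.out.println("<a href=\"/search?q=" + forUrlParam(tainted) + "\">x</a>");
        System.out.println("<span style=\"font-family: " + forCss(tainted) + "\">x</span>");
    }
}
```

Two details matter in practice. The JavaScript encoder escapes `<` and `/`, so a value inside a `<script>` block cannot terminate the block early with `</script>`; an HTML encoder alone would not be correct there. The URL encoder is applied to the parameter value only, and because its output contains just unreserved characters and `%`, it is also safe inside the quoted `href` attribute; a full URL or path taken from the user would additionally need its scheme validated.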
We continue our series of posts reviewing one of the most frequent vulnerabilities affecting many SAP modules: cross-site scripting, or XSS. Today's post describes how to protect SAP NetWeaver ABAP from XSS.
For all generic Web applications where you accept input parameters, you must use encoding methods provided by the ICF handler. The implementation of the encoding is…
Added by Alexander Polyakov on August 25, 2015 at 5:46pm
Oracle PeopleSoft applications are quite complex and consist of many components, and so is their security. While there is almost no public research on PeopleSoft security, successful attacks against such systems happen from time to time. That is why we decided to start a series of articles on some aspects of PeopleSoft security.
These applications are designed to address the most complex business requirements. They…
Added by Alexander Polyakov on August 24, 2015 at 6:44pm
Hello, dear readers! Today I would like to talk about Oracle Security.
On August 11, Mary Ann, Oracle's CSO, published an incredibly shocking post about security researchers which was promptly deleted (either by herself or by somebody else). The post was discussed by multiple outlets such as…
Added by Alexander Polyakov on August 24, 2015 at 6:38pm
Please cascade to your teams. Tata Consultancy Services (BSE: 532540, NSE: TCS), the leading IT services, consulting and business solutions organization, has partnered with the Foreign & Commonwealth Office (FCO) of the UK Government and created the Chevening-TCS Scholarship on Cyber Policy for professionals in diverse fields from India. This is the…
Added by Kinshuk De on August 21, 2015 at 6:40pm
This year’s study examines the costs incurred by 36 Indian companies in 12 industry sectors after those companies experienced the loss or theft of protected personal data and then had to notify breach victims and/or regulators as required by laws and business…
Added by CISO Platform on August 20, 2015 at 10:30pm
Governance, Risk and Compliance (GRC) is sometimes a managerial step and sometimes a mandatory one, taken to adhere to regulations and to maintain compliant systems. It is widely used in risk management.
Some of the major components of IT GRC are:
Added by pritha on August 18, 2015 at 4:30pm
The purpose of IT Governance, Risk and Compliance (IT GRC) tools and capabilities is to report on and manage IT risks. We will study the critical platform capabilities of IT GRC tools.
Critical Platform Capabilities In IT GRC…
Added by pritha on August 18, 2015 at 4:30pm
What Is Bad USB?
Using USB devices for malicious purposes is termed BadUSB. USB thumb drives are the last thing anyone suspects of malicious intent; however, if manipulated, they can take over almost everything.
Some interesting demonstrations were given at the Black Hat conference by two highly regarded security researchers (…
Added by pritha on August 18, 2015 at 4:30pm
Free/Open-source Tools
Added by pritha on August 18, 2015 at 1:00pm
Today, while working on GitHub, I landed upon an amazing curated list of information on Application Security, covering everything from fundamentals to programming. The most amazing part was the love demonstration of hacking a website.
Do check this out: https://github.com/paragonie/awesome-appsec
Added by Deepak Panigrahy on August 17, 2015 at 4:08pm
SAP has released the monthly critical patch update for August 2015. This patch update closes 22 vulnerabilities in SAP products; 15 are rated high priority, and some of them belong to the SAP HANA security area. The most common vulnerability type is Cross-Site Scripting (XSS). This month, three critical vulnerabilities found by ERPScan researchers Dmitry…
Added by Alexander Polyakov on August 13, 2015 at 2:31pm
Hello, dear readers. We recently finished our series of articles on how to secure SAP systems from XSS vulnerabilities. Given the great success of the previous series, I decided to launch another series of articles called “SAP Security for CISOs”. However, you don’t need to be a CISO to benefit from reading these…
Added by Alexander Polyakov on August 5, 2015 at 11:17pm
No doubt you have heard about Chrysler’s recall of affected cars, as it appeared in all the top media. You will be even more surprised to see how many recalls happened because of technical issues in recent months. But there is something we may miss beyond the headlines: some important potential sabotage vectors that may be, or already are, contributing to these…
Added by Alexander Polyakov on August 4, 2015 at 4:31pm
Started by Priyanka Aash on Wednesday. 0 Replies 0 Likes
What are the challenges you as a CISO have been facing since last year, and what security trends are catching on? Help the community by sharing your knowledge and personal views on this subject. Or, if you have any specific questions…
Started by Maheshkumar Vagadiya Jul 30, 2020. 0 Replies 0 Likes
Share the instances where you were able to convince executive management or the board that the CISO function is an enabler rather than a hindrance. Thank you, Mahesh
Started by CISO Platform. Last reply by Yogesh Nov 19, 2020. 2 Replies 0 Likes
(Question posted on behalf of a CISO member.) Has anyone evaluated digital signature services (like DocuSign)? Are there any specific risk or security areas to look into while finalising a vendor? Any and all inputs will be very much appreciated.
Started by CISO Platform. Last reply by ANAND SHRIMALI May 20, 2020. 4 Replies 1 Like
(Question posted on behalf of a CISO member.) What are your strategies for using Zoom in your organization after the recent vulnerabilities in the news about the Zoom platform? Related question: …
© 2021 Created by CISO Platform.