Social Network For Security Executives: Network, Learn & Collaborate
Third critical area. Unnecessary functionality
What is the most common problem of any more or less complex application? In essence, they almost always have numerous unnecessary functions intended to perform multiple tasks.
Obviously, that makes the whole system vulnerable. The more functionality is available, the higher the number of vulnerabilities: "Complexity Kills Security".
More importantly, all those functions are enabled by default right from the…
Added by Alexander Polyakov on February 11, 2015 at 3:33pm — No Comments
Second critical category. Default passwords for access to the application
For the previous two weeks we’ve been discussing the top-9 critical areas and the 33 steps to be taken for security assessment. Most recently, we covered patch management flaws - the first critical category in our list. As you have probably guessed, today it’s time we take a closer look at the next item from our list of critical issues - default passwords.
It is a wide reaching…
Added by Alexander Polyakov on February 2, 2015 at 9:30pm — No Comments
First critical issue. Patch management flaws
In our previous articles we’ve already introduced you to the list of the 9 most important business application security critical issues. We’ve also had a chance to present to you the skeleton of our guideline with its 33 security assessment steps. As you’ve seen only the skeleton of it, now it’s high time to pay attention to a more detailed explanation of each step to be taken.
In order to ensure full-scale system security it…
Added by Alexander Polyakov on January 26, 2015 at 10:00pm — No Comments
With this article we are starting a new series of guidelines describing some basic assessment procedures one can carry out on various business applications that would help security professionals to expand their ERP systems’ immunity to attacks.
As we all know, ERP systems such as SAP can improve the quality of management of all the information and resources involved in a company's operations.
However, while ERP applications improve the way business processes are organized, they…
Added by Alexander Polyakov on December 8, 2014 at 2:00pm — No Comments
This article is about different guidelines that can help to secure your SAP system. But nothing to worry about - this post will nevertheless remain useful and interesting, even if it does not contain information about 0-days or have words like “cyber” or “weapon” in the title. So, let’s go.
This blog post is about a new guideline, or standard, for securing - or testing the security of - SAP implementations, which is going to be the first standard of the EAS-SEC standard…
Added by Alexander Polyakov on December 3, 2014 at 7:30pm — No Comments