 
 

Research

  At CYBSEC S.A. we know that the basis for improvement in the field of systems security and the prevention of computer fraud is ongoing research and knowledge exchange.
 

1. Security Advisories

Vulnerabilities found by CYBSEC S.A:

  • CYBSEC Security Advisory - SAP dscdb6up on AIX Local Privilege Escalation (See SAP Note #1158618) - (July 2008)
  • CYBSEC Security Advisory - SAP Gateway Monitor Remote Access Bypass (See SAP Note #1072946) - (July 2008)
  • CYBSEC Security Advisory - SAP RFCEXEC Security Bypass (See SAP Note #1140031) - (July 2008)
  • CYBSEC Security Advisory - SAP SAPGUI Buffer Overflow - (July 2008)

2. Security Vulnerability Disclosure Policy

Security Vulnerability Disclosure Policy (PDF Format)

3. Tools

SAFE: This software was specially developed to test the security level of SAP/R3 implementations.

With SAFE you can determine easily and automatically whether an SAP installation fulfills the major security requirements demanded by audits and international regulations (Sarbanes-Oxley Act, HIPAA, PCI, COBIT, etc.).

SAFE performs a thorough analysis of configuration, authorization, communications, and other parameters in the SAP installation and compares them to international best practices; results are shown in reports indicating the target value to be achieved.

SAFE is available in a FREE Version and an ENTERPRISE Version.

Download SAFE FREE Version

sapyto: sapyto is an SAP Penetration Testing Framework. It enables security professionals to perform security assessments of different components of SAP R/3 deployments. Presented at Black Hat Europe 2007, it was shipped with many plugins to analyze the security of the RFC interface implementation of SAP systems. The plugin-based architecture enables users to develop their own plugins, extending functionality and allowing the framework to detect new vulnerabilities.

Download sapyto

W3AF: w3af is a framework to perform Web Application penetration testing. It can perform all the phases of a penetration test: discovery, audit, exploit and privilege escalation. The tool can be easily extended using plugins, is distributed under the GPLv2 license and is fully developed in Python. CYBSEC collaborated in the development of w3af and is a platinum sponsor of it.

http://w3af.sourceforge.net/

  ©2010 Cybsec All rights reserved