Vulnerabilities found by CYBSEC S.A:
- CYBSEC Security Advisory - SAP dscdb6up on AIX Local
Privilege Escalation (See SAP Note #1158618) - (July 2008)
- CYBSEC Security Advisory - SAP Gateway Monitor Remote
Access Bypass (See SAP Note #1072946) - (July 2008)
- CYBSEC Security Advisory - SAP RFCEXEC Security Bypass
(See SAP Note #1140031) - (July 2008)
- CYBSEC Security Advisory - SAP SAPGUI Buffer Overflow
- (July 2008)
Vulnerability Disclosure Policy
Vulnerability Disclosure Policy (PDF Format)
software was especially developed to test the security level
in SAP/R3 implementations.
With SAFE you will be able to learn easily and automatically
if a SAP installation fulfills the major security requirements
demanded by audits and international regulations (Sarbanes
Oxley Act, HIPAA, PCI, CobIT, etc.).
SAFE performs a thorough analysis of configuration, authorization,
communications, and other parameters in the SAP installation
and compares them to international best practices; results
are shown in reports indicating the target value to be achieved.
SAFE is available in FREE Version and ENTERPRISE Version format.
Download SAFE FREE Version
is a SAP Penetration Testing Framework. It enables security
professionals to perform security assessments of different
components of SAP R/3 deployments. Presented at Blackhat Europe
2007, it was shipped with many plugins to analyze the security
of the RFC interface implementation of SAP systems. The plugin-based
architecture enables users to develop their own plugins, extending
functionality and allowing the framework to detect new vulnerabilities.
is a framework to perform Web Application penetration testing.
It can perform all the phases of a penetration test: discovery,
audit, exploit and privilege escalation. The tool can be easily
extended using plugins, is distributed under the GPLv2 license
and is fully developed in Python. CYBSEC collaborated in the
development of w3af and is a platinum sponsor of it.