What's@Stake

SAP Application Security Assessments - Part 2: Port Scanning Your SAP Application

Christopher.Emerson | 13 Apr 2012 | 0 comments

You are probably already familiar with Nmap and port scanning in general. I won't waste too much of your time walking through the ins and outs of Nmap, but we will take a look at some of the specific ports of interest for SAP applications.

First off, we need to run Nmap. I personally like to check all ports, as you never know what you will find.

$ nmap -vvv -A -oA <output filename> -p 1-65535 <target ip address>

Obviously, your results will vary from assessment to assessment. A full list of the ports used by SAP applications can be found at http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/4e515a43-0e01-0010-2da1-9bcc452c280b?QuickLink=index&overridelayout=true....

SAP Application Security Assessments - Part 1: Setting Up Your Testing Environment

Christopher.Emerson | 25 Apr 2012 | 0 comments

"Can you take a look at the security for our new SAP application?"

- Client

"Sure..."

- You

Maybe you are already familiar with penetration testing Germany based enterprise software vendor SAP AG (System, Application and Products in Data Processing) and their infinitely customizable enterprise resource planning applications. If that is the case, then stop reading.

If you are still here, that means you have probably accepted, or had forced upon you, the task of assessing the security of an SAP application. This blog series will hopefully give you a decent idea of what tools are available and what to start looking for.

Testing Environment

This series will assume you have Linux already installed. Many of the tools will also work in a Windows environment, but a few have additional functionality that is only available in Linux.

We'll start by...

What's@Stake

Links

About What's@Stake

Filter by:

Blog Tags