Tutorial eBooks PDF File Download

Abstract SAP security is still a dark world. Very little information can be found on the Net and almost every question related to security assessment of these applications remains unanswered. This paper has the intention of bringing some light into that world, providing the results of a security analysis performed over the SAP RFC interface implementation. SAP RFC interface is the heart of communications between SAP systems, and between SAP and external software. Almost every system that wants to interact with SAP systems does so using the RFC interface. As stated by SAP: "The RFC library is the most commonly used and installed component of existing SAP software". This paper describes vulnerabilities discovered in the RFC Library and their security impact. Furthermore, advanced attacks, exploiting default mis-configurations and design flaws in the interface implementation, are presented and explained. Finally, it provides solutions and suggested configurations to protect from described attacks and vulnerabilities..