Why compromise just one website when you can compromise a whole bunch of them all at once?
8 Areas to Include in SAP Access Control Testing
Information Technology General Controls (ITGC) are the basic controls that can be applied to IT systems such as applications, operating systems, databases, and supporting IT infrastructure. The objective of ITGCs is to ensure the integrity of the data and processes the systems support.
Your SAP ERP applications cross all four systems: IT Infrastructure Applications, Databases, Operating Systems, and the Application Layer. Access control tests, our central focus for this post, are targeted at the Application Layer of your SAP applications. In a recent post, we discussed the importance of security health checks in monitoring SAP access, and today we want to continue the access security conversation by examining the importance of ITGC Access Controls testing in an SAP environment.
Let’s Get Cracking: A Beginner’s Guide to Password Analysis
The Focal Point Attack & Penetration team performs many internal penetration tests that culminate in a compromise of Windows Active Directory domains and access to the password hashes of all domain users. Like many teams that provide pen testing services, we have a high-powered GPU-based password-cracking rig that we use to recover high-value or time-sensitive passwords. But sometimes we’re on-site without access to our VPN or we’re in the the reporting window following a test, and someone is using the rig for an active test. Whatever the reason, we still get a lot of mileage from the classic password cracker, john, even in this age of GPU-based cracking with hashcat (which we also love but is not the focus of this post).
5 Things to Consider before Upgrading from SAP GRC 10.x to GRC 12.0
SAP released a new version of Access Control in March 2018. It became generally available in September 2018, and in January 2019, support pack 3 was issued. In this release, SAP added some new functionality and improved some of the existing functionality. These updates include integration with cloud platforms, enhanced emergency access management, a more robust UI, and more support for Identity Access Governance (IAG). Some of these changes are significant and will require some technical steps before you can upgrade. In this post, we’ll take a look at the increased functionality you’ll gain by moving to v12 and how you can prepare for this upgrade.