Virtual Forge, an Onapsis company, is a leading solution provider in the cybersecurity industry for SAP solutions.
Since 2006, Virtual Forge has worked closely with customers to provide the highest security, compliance and quality standards for their SAP systems. Virtual Forge has pioneered the field of SAP custom code scanning, launching its flagship solution CodeProfiler in 2009. In June 2019, Onapsis acquired Virtual Forge to deliver the cybersecurity industry’s first and only comprehensive business-critical application cybersecurity and compliance platform.
As an Onapsis company, Virtual Forge will continue to accelerate its mission to develop and deliver new technologies and disruptive methods that ensure SAP systems and applications are protected against cyberattacks, fraud and unnecessary downtime.
Your "XSS - Cross Site Scripting Explained" video was awesome. So thankful to you for that video. The comment section was off there, that's why I am commenting here. Thanks for the video.
Hi - the different slides with the commentary contain the following:

No 1:
Creating an RFC Connection to a different "external" SAP system.
Executing external OS commands using the newly created RFC connection.
This is possible without having to enter username and/or password!

No 2:
RFC connection to system "VD1" has now been created and configured to execute external OS commands on the target system.
To create the RFC connection and execute OS commands, no username or password was necessary.

No 3:
Summary: The newly created RFC connection enabled us to execute OS commands on the external targeted SAP system.
Important information could be acquired this way.
It's possible to gain access to a system, manipulate it or even compromise it entirely.

Hope that helps
Martin English Authorization checks are being done. The issue is that the authorization checks are done at PBO time and (as is usually the case) not repeated at PAI time. I.e. the state of the screen elements is changed based on the authorizations (during PBO), but this is not sufficient - as you can see.
*Demo: How to secure Internet Services within SAP using the Virtual Forge SystemProfiler* _(vs manual approach)_ #SystemProfiler #SAP #Security #Compliance #Demo #Video
*SAP Live Hacking: How to exploit hidden OK codes in a customer transaction* - ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-mBJk-HJaebI.html #SAP #Security #Hacking #Video