Author Topic: SAP's own security  (Read 33564 times)

Offline Yuki

  • Newbie
  • *
  • Posts: 44
  • Kudos +0/-0
SAP's own security
« on: August 14, 2014, 11:03:31 AM »
I tested SAP against SlopFinder, a project which looks for use of DEP & ASLR.
http://icebuddha.com/slopfinder.htm

And glad to find all relevant SAP components use both protection measures.



7zip don't use, but it's not SAP's fault and probably it is for new compression feature added to UAV.
Others seems to be kernel mode drivers which can't be apply DEP or ASLR to.

But I want some more clarification about SAP's own security.
I don't ask what program language is used  since it might be secret, but do you use any secure coding method and have an audit team or process including e.g. fuzzing other than peer code review?

SAP seems to use filter driver but does SAP makes use of hook to block e.g. an execution of a process?

Also I found I can safely kill some of SAP processes but what exact process have self-protection?

Finally, Does any of SAP's process is/will be compatible with EMET?

Sorry for asking so much questions at once.
It's not real security to protect only from malware.

Offline Tarnak

  • Newbie
  • *
  • Posts: 5
  • Kudos +0/-0
Re: SAP's own security
« Reply #1 on: August 14, 2014, 09:08:34 PM »
Very interesting. I went to the site and I got, this:  :)






Offline sinlam

  • Jr. Member
  • **
  • Posts: 67
  • Kudos +2/-0
    • secureaplus.secureage.com
Re: SAP's own security
« Reply #2 on: August 15, 2014, 03:02:01 AM »
I tested SAP against SlopFinder, a project which looks for use of DEP & ASLR.
http://icebuddha.com/slopfinder.htm

And glad to find all relevant SAP components use both protection measures.


7zip don't use, but it's not SAP's fault and probably it is for new compression feature added to UAV.
Others seems to be kernel mode drivers which can't be apply DEP or ASLR to.

But I want some more clarification about SAP's own security.
I don't ask what program language is used  since it might be secret, but do you use any secure coding method and have an audit team or process including e.g. fuzzing other than peer code review?

SAP seems to use filter driver but does SAP makes use of hook to block e.g. an execution of a process?

Also I found I can safely kill some of SAP processes but what exact process have self-protection?

Finally, Does any of SAP's process is/will be compatible with EMET?

Sorry for asking so much questions at once.

Hi Yuki,

We use secure coding method most of the time and we don't use any kind of hooking. Our test team has also tested SecureAPlus with EMET and it works fine. That's all I can say and sorry, I can't share any further ;)

_____________________________________
SecureAPlus - It is not just another antivirus!
Free download at secureaplus.secureage.com

Offline Yuki

  • Newbie
  • *
  • Posts: 44
  • Kudos +0/-0
Re: SAP's own security
« Reply #3 on: August 15, 2014, 12:09:25 PM »
Very interesting. I went to the site and I got, this:  :)

Oh, I didn't know that 'cause I used Chrome to access the site.


Hi Yuki,

We use secure coding method most of the time and we don't use any kind of hooking. Our test team has also tested SecureAPlus with EMET and it works fine. That's all I can say and sorry, I can't share any further ;)


That's okay, in fact that's all I wanted to hear from you. :)
As to self-protection and EMET compatibiity, I'll test personally but not soon.
It's not real security to protect only from malware.