SecureAPlus Forum

Forum Support => Software Problems and Questions => Topic started by: Yuki on August 14, 2014, 11:03:31 AM

Title: SAP's own security
Post by: Yuki on August 14, 2014, 11:03:31 AM
I tested SAP against SlopFinder, a project which looks for use of DEP & ASLR.
http://icebuddha.com/slopfinder.htm (http://icebuddha.com/slopfinder.htm)

And glad to find all relevant SAP components use both protection measures.

(http://i.imgur.com/8lOMIhN.png)

7zip don't use, but it's not SAP's fault and probably it is for new compression feature added to UAV.
Others seems to be kernel mode drivers which can't be apply DEP or ASLR to.

But I want some more clarification about SAP's own security.
I don't ask what program language is used  since it might be secret, but do you use any secure coding method and have an audit team or process including e.g. fuzzing other than peer code review?

SAP seems to use filter driver but does SAP makes use of hook to block e.g. an execution of a process?

Also I found I can safely kill some of SAP processes but what exact process have self-protection?

Finally, Does any of SAP's process is/will be compatible with EMET?

Sorry for asking so much questions at once.
Title: Re: SAP's own security
Post by: Tarnak on August 14, 2014, 09:08:34 PM
Very interesting. I went to the site and I got, this:  :)





Title: Re: SAP's own security
Post by: sinlam on August 15, 2014, 03:02:01 AM
I tested SAP against SlopFinder, a project which looks for use of DEP & ASLR.
http://icebuddha.com/slopfinder.htm (http://icebuddha.com/slopfinder.htm)

And glad to find all relevant SAP components use both protection measures.


7zip don't use, but it's not SAP's fault and probably it is for new compression feature added to UAV.
Others seems to be kernel mode drivers which can't be apply DEP or ASLR to.

But I want some more clarification about SAP's own security.
I don't ask what program language is used  since it might be secret, but do you use any secure coding method and have an audit team or process including e.g. fuzzing other than peer code review?

SAP seems to use filter driver but does SAP makes use of hook to block e.g. an execution of a process?

Also I found I can safely kill some of SAP processes but what exact process have self-protection?

Finally, Does any of SAP's process is/will be compatible with EMET?

Sorry for asking so much questions at once.

Hi Yuki,

We use secure coding method most of the time and we don't use any kind of hooking. Our test team has also tested SecureAPlus with EMET and it works fine. That's all I can say and sorry, I can't share any further ;)

Title: Re: SAP's own security
Post by: Yuki on August 15, 2014, 12:09:25 PM
Very interesting. I went to the site and I got, this:  :)

Oh, I didn't know that 'cause I used Chrome to access the site.


Hi Yuki,

We use secure coding method most of the time and we don't use any kind of hooking. Our test team has also tested SecureAPlus with EMET and it works fine. That's all I can say and sorry, I can't share any further ;)


That's okay, in fact that's all I wanted to hear from you. :)
As to self-protection and EMET compatibiity, I'll test personally but not soon.