SecuritySilverbacks / SAP-AttackSurfaceDiscovery

SAP application service interface discovery and scanning

SAP Attack Surface Discovery

[!WARNING] Make sure you have the appropriate permissions to actively scan and test applications. Without them, you might face legal implications.

The project aims to help organizations and security professionals to identify and discover open SAP services through the use of different network scanning techniques. This allows individuals to further test these services for any potential threat that might affect SAP applications in their organizations.

OWASP CBAS project

Three areas within the NO MONKEY Security Matrix can benefit from the project:

  1. Identify – NIST Security Functions
  2. Detect – NIST Security Functions
  3. Integration – IPAC Model

Identify | Integration

When applied to a single organization, the results from the project can help it further concentrate its efforts in the IDENTIFY and INTEGRATION quadrant of the NO MONKEY Security Matrix.

Detect | Integration

Another potential area of benefit is the DETECT and INTEGRATION quadrant. This allows organizations to automate their monitoring capabilities when it comes to publishing SAP applications to the internet. If publishing these applications is not a requirement and has happened due to misconfiguration, the organization will be able to properly detect it.

More information can be found on the OWASP CBAS project page.

SAP Attack Surface Discovery Wiki

More information, benefits and details on each service can be found in the Wiki.

Communication and Contribution

Anyone interested in supporting, contributing or giving feedback is welcome to join us in our Discord channel.

We have also included a section about contribution in our Wiki, which can be found here.