SAP

Russian company ERPScan, which specialises in the security analysis of SAP systems, has published a report which shows that many organisations using those systems have vulnerable services exposed to the internet. Depending on the service in use, 5 to 25% of companies have vulnerable services exposed to the public. The security firm compiled the data by using a combination of Google searches and TCP port scans of more than a thousand companies from around the world.

More than 95 percent of over 600 SAP systems tested by security firm Onapsis were vulnerable to espionage, sabotage and fraud, mainly because patches had not been applied, according to a researcher.

Attackers targeting SAP platforms don't need access credentials to perform these attacks, said Juan Perez-Etchegoyen, CTO of Onapsis, a Buenos Aires consulting firm focused on ERP systems and business-critical infrastructure. Perez-Etchegoyen made his remarks at the Hack in the Box conference in Amsterdam on Thursday. 

SAP, the world's biggest maker of business software, aims to set a fresh profit record this year as it banks on robust corporate spending on technology.

Investors have worried that they may have overestimated the resilience of corporate tech spending in a deteriorating global economy, especially after SAP's big rival Oracle Corp reported weak quarterly results last month.

SAP AG's purchase of Web-based software company SuccessFactors Inc could be the catalyst the old-school German technology giant needs to try to catch up to rivals in the fast-growing cloud computing market.

SAP has struggled for more than five years to create business applications that are hosted on the cloud, or Web, and the company lags behind pioneer Salesforce.com Inc and larger rival Oracle Corp in the so-called software as a service (SaaS) market, analysts say.

Over 1000 Security professionals, technical decision makers and IT buffs from around the region were treated to a buffet of ground-breaking security updates, defense methods and latest vulnerabilities from 37 international speakers at the Hack In The Box Security Conference 2011 today. These new exploits affect the spectrum of enterprises and end users alike.

L33tdawg: Further details of Alexander Polyakov's SAPocalypse presentation is here. Online registration closes on the 7th but walk-in registrations are still accepted there after.

SAP customers looking to open iTunes-like enterprise app stores through Apple's Volume Purchase Program (VPP) will soon have the ability to manage and deploy the software securely thanks to new VPP support in the Sybase Afaria platform, SAP said Tuesday at the Tech Ed conference in Las Vegas.

Afaria delivers mobile applications to devices and allows IT staff to apply authorization levels, making sure only the right employees get to use the software. The platform also manages mobile devices and tracks application usage and licenses.