This in-depth research paper explores a number of methods to exploit vulnerabilities within the SAP enterprise resource planning (ERP) system. In collaboration with its community contributors, Rapid7’s security researchers published this research report that:
These methods have been implemented and published in the form of more than 50 modules for Metasploit, a free, open source software for penetration testing.
The modules enable companies to test whether their own systems could be penetrated by an attacker. Many attackers will try to gain access to SAP systems by pivoting through a host on a target network, for example after compromising a desktop system through a spear phishing email. However, Rapid7 researchers found close to 3,000 SAP systems directly exposed to the Internet providing direct access to attackers.
If your business runs SAP, download this research paper today and learn about the weaknesses and attack vectors that could be used to gain access to your data and systems—before an attacker does.