This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Enterprise Business Application Vulnerability Statistics 2009"
m |
|||
| Line 1: | Line 1: | ||
== Objective == | == Objective == | ||
| − | This document is the first statistics report which will be repeated annually | + | This document is the first statistics report which will be repeated annually, showing tendencies and changes in Enterprise Business Application Security area. |
== Purpose == | == Purpose == | ||
| − | + | In this document, we will show the results of statistical research in the Business Application security area made by ERPScan Research Group and OWASP-EAS project. The purpose of this document is to raise awareness about Enterprise Business Application security by showing the current number of vulnerabilities found in those applications, how critical they are and what kind of tendencies we see. | |
== Intro == | == Intro == | ||
| − | Business applications like ERP, CRM, SRM | + | Business applications like ERP, CRM, SRM are one of the major topics within the field of computer security because these applications store business data, and any vulnerability in them will cause significant monetary loss. Nonetheless, people still don’t pay much attention to Enterprise Business Application area, as we see during our and our colleagues' research and audits. Business applications are very large and complex systems that consist of different components such as Database server, Front-end, Web server, Application server, and other parts. Also, those systems rely on various hardware and software that can have their own vulnerabilities. The overall security of Enterprise Business Application consists of different layers, such as:<br> |
| − | • Network architecture security | + | • Network architecture security<br> |
| − | • Os security | + | • Os security<br> |
| − | • Database security | + | • Database security<br> |
| − | • Application security | + | • Application security<br> |
| − | • Front-end security | + | • Front-end security. |
| − | Every described layer may have | + | Every described layer may have its own vulnerabilities that can give attackers full access to business data even if other layers are fully secured. |
| − | In this document all | + | In this document, all popular applications from the described levels and their vulnerabilities will be shown. The purpose of this document to increase awareness of Business Application security. |
== Links == | == Links == | ||
| − | [http://dsecrg.com Business applications vulnerability statistics 2009 and future trends] - Presentation by Dmitry Evdokimov and | + | [http://dsecrg.com Business applications vulnerability statistics 2009 and future trends] - Presentation by Dmitry Evdokimov and Dmitry Chastukhin |
[http://www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid/c05604f6-4eb3-2d10-eea7-ceb666083a6a SAP SDN page with latest vulnerabilities] | [http://www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid/c05604f6-4eb3-2d10-eea7-ceb666083a6a SAP SDN page with latest vulnerabilities] | ||
| Line 33: | Line 33: | ||
| − | Alexander Polyakov ( | + | Alexander Polyakov (ERPScan Research Group) |
| − | + | Dmitry Chastukhin (ERPScan Research Group) | |
| − | Dmitriy Evdokimov ( | + | Dmitriy Evdokimov (ERPScan Research Group) |
Revision as of 16:42, 26 December 2012
Objective
This document is the first statistics report which will be repeated annually, showing tendencies and changes in Enterprise Business Application Security area.
Purpose
In this document, we will show the results of statistical research in the Business Application security area made by ERPScan Research Group and OWASP-EAS project. The purpose of this document is to raise awareness about Enterprise Business Application security by showing the current number of vulnerabilities found in those applications, how critical they are and what kind of tendencies we see.
Intro
Business applications like ERP, CRM, SRM are one of the major topics within the field of computer security because these applications store business data, and any vulnerability in them will cause significant monetary loss. Nonetheless, people still don’t pay much attention to Enterprise Business Application area, as we see during our and our colleagues' research and audits. Business applications are very large and complex systems that consist of different components such as Database server, Front-end, Web server, Application server, and other parts. Also, those systems rely on various hardware and software that can have their own vulnerabilities. The overall security of Enterprise Business Application consists of different layers, such as:
• Network architecture security
• Os security
• Database security
• Application security
• Front-end security.
Every described layer may have its own vulnerabilities that can give attackers full access to business data even if other layers are fully secured. In this document, all popular applications from the described levels and their vulnerabilities will be shown. The purpose of this document to increase awareness of Business Application security.
Links
Business applications vulnerability statistics 2009 and future trends - Presentation by Dmitry Evdokimov and Dmitry Chastukhin
SAP SDN page with latest vulnerabilities
Oracle Secalert CPU page with latest vulnerabilities
Annual report comming soon...
Authors
Alexander Polyakov (ERPScan Research Group) Dmitry Chastukhin (ERPScan Research Group) Dmitriy Evdokimov (ERPScan Research Group)
Contributors
Leodid Kats (dsec.ru) Olga Yurova (dsec.ru)
