This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Enterprise Application Vulnerability Statistics"
(Created page with "==== Statistics ==== == Objective == This document is the first statistics report which will be repeated annually, showing tendencies and changes in Enterprise Business Ap...") |
|||
| Line 29: | Line 29: | ||
Surveys: | Surveys: | ||
| − | [http:// | + | [https://www.owasp.org/images/6/6b/SAP_Security_in_figures_-_a_global_survey_2007-2011._OWASP-EAS.pdf SAP Security In Figures – A Global Survey 2007-2011] |
| + | |||
| + | [http://erpscan.com/wp-content/uploads/2014/02/SAP-Security-in-Figures-A-Global-Survey-2013.pdf SAP Security In Figures – A Global Survey 2013] | ||
| − | |||
Links: | Links: | ||
Revision as of 23:12, 13 April 2014
Statistics
Objective
This document is the first statistics report which will be repeated annually, showing tendencies and changes in Enterprise Business Application Security area.
Purpose
This document will show a result of statistical research in the business application security area made by ERPScan Research Group and OWASP-EAS project. The purpose of this document is to raise awareness about Enterprise Business Application security by showing the current number of vulnerabilities found in those applications, how critical those are and what kind of tendences we see.
Intro
Business applications like ERP, CRM, SRM and others are one of the major topics within the field of computer security because these applications store business data, and any vulnerability in these applications will cause a significant monetary loss. Nonetheless, people still don’t pay much attention to enterprise business application area, as we see during our and our collegues' researches and audits. Business applications are very large and complex systems that consist of different components such as Database server, Front-end, Web server, Application server and other parts. Also, those systems rely on different hardware and software that can have their own vulnerabilities. Overall security of Enterprise Business Application consists of different layers such as:
• Network architecture security
• OS security
• Database security
• Application security
• Front-end security
Each of the described layers may have their own vulnerabilities that can give an attacker full access to business data, even if other layers are fully secured. In this document, all the popular applications from described levels and their vulnerabilities will be shown. The purpose of this document is to increase awareness about business application security.
Links
Surveys:
SAP Security In Figures – A Global Survey 2007-2011
SAP Security In Figures – A Global Survey 2013
Links:
SAP SDN page with latest vulnerabilities
Oracle Secalert CPU page with latest vulnerabilities
Authors
Alexander Polyakov, Alexey Tyurin, Nikolay Mescherin, Kirill Nikitenkov, Dmitry Chastukhin, Dmitry Evdokimov
