top of page
Search
roecromcelco1975

|VERIFIED| Onapsis Bizploit – ERP Penetration Testing Framework: What You Need to Know



The Exploit Database is maintained by Offensive Security, an information security training company that provides various Information Security Certifications as well as high end penetration testing services. The Exploit Database is a non-profit project that is provided as a public service by Offensive Security.


Bizploit is the first open source ERP penetration testing framework. Developed by the Onapsis Research Labs, Bizploit assists security professionals in the discovery, exploration, vulnerability assessment and exploitation phases of specialized ERP penetration tests.




|VERIFIED| Onapsis Bizploit – ERP Penetration Testing Framework



Penetration testing is the practice of checking computer networks, machines and applications for security vulnerabilities. Also called pen testing and ethical hacking, penetration testing employs tactics that are indistinguishable from real-world cyberattacks. The only difference is that pen testing does no harm.


One way to protect your enterprise from cyberattacks is to do penetration testing on your SAP systems. If you hire an experienced tester, identify your most critical SAP vulnerabilities, identify entry points, test your systems and document your findings, you will be in the best position to remediate your vulnerabilities.


Onapsis Bizploit assists security professionals in the discovery, exploration, vulnerability assessment, and exploitation phases of specialized SAP penetration testing. Onapsis Bizploit currently ships with many plugins to assess the security of SAP Business Platforms.


Bizplot is an SAP unoffensive pen-testing tool that automates the tasks and checks for a list of vulnerabilities that may be present on an SAP component. The interface is quite similar to the Metasploit framework. To begin with, it follows the commands in the sequence as demonstrated in the below evidence:


4. Onapsis Bizploit: It is the open-source ERP penetration testing framework developed by the Onapsis Research Labs. Bizploit assists security professionals in the discovery, exploration, vulnerability assessment and exploitation phases of specialized ERP penetration tests. Readers may visit to know more about this tool.


French coder and hacker enthusiast for more than 10 years. Information security professional and researcher with experience in penetration testing, and software security assessments. Active in various security mailing-lists and forums. Early contributor to projects like the Metasploit Framework and Rainbow Tables projects. VP, Director of Software Engineering for NETpeas. Technical leader of a CSIRT for a CERT. Speaker and trainer at ToorCon (USA), VNSecon (Vietnam), HSF (Paris). Organizer of the FRHACK IT Security Conference.


Antonios Atlasis, MPhil, PhD, is an independent IT Security analyst with a passion for information security research. He has over 20 years of diverse Information Technology experience. Antonios is also an accomplished instructor and software developer with research interests in the areas of penetration testing, incident handling, intrusion analysis and bug-finding. Antonios recently joined the Centre for Strategic Cyberspace + Security Science non-profit organisation.


While Don's primary expertise is in developing exploit technologies, he is also well versed at reverse engineering, fuzzing, enterprise and embedded programming, source code auditing, rootkit detection and design, and network penetration testing. In addition, Don has helped develop and enhance risk management programs for several Fortune 500 companies and has been invited to speak about risk management from a CISO perspective at government organized conferences.


Tyrone Erasmus is an Information Security Consultant at MWR InfoSecurity with a degree in Computer Engineering. He enjoys delving into many different areas of penetration testing and security research, with the majority of his research efforts being poured into Android. Tyrone has a great interest in creating tools and frameworks that can be used in easing the process of exploitation on various systems.


Eric Fulton is a specialist in network penetration testing and web application assessments. His clients have included Fortune 500 companies, international financial institutions, global insurance firms, government entities, telecommunications companies, as well as world-renowned academic and cultural institutions. In his spare time, Eric works with local students to provide hands-on security training, and conducts independent security research on a number of topics. He publishes network forensics contests on ForensicsContest.com.


Ling Chuan Lee (a.k.a lclee_vx) currently works as a Malware Researcher in CyberSecurity Malaysia. He has over 10 years of experience in reverse engineering and penetration testing. He also founded a personal research blog, F-13 Lab. He is now further the study in National University of Malaysia (UKM) as Ph.D (Doctor of Philosophy) student, majoring Antivirus Core Engine Design. lclee_vx has presented his security research in DEFCON16, SYSCAN'10 HangZhou, IEEE MICC2009, IEEE ICACT 2011, CCC SIGINT 2010, Swiss CyberStorm 2011 and numerous other events. His research topics included in-depth malware or vulnerability analysis on decryption, penetration testing, kernel driver, rootkit and hooking.


Steve is a penetration tester and malware analyst based in the UK. As well as being a Check Team Leader at Mandalorian, Steve also sits on the Tiger Scheme Technical Panel where he advises the scheme on certification relating to penetration testing and malware analysis.


Nikhil Mittal is a hacker, info sec researcher and enthusiast. His area of interest includes penetration testing, attack research, defence strategies and post exploitation research. He has over 3 years experience in Penetration Testing of many Government Organizations of India and other global corporate giants at his current job position.


Justin is a Managing Partner of UtiliSec, specializing in Smart Grid security architecture design and penetration testing. Justin led the Smart Grid Security Architecture group in the creation of NIST Interagency Report 7628 and currently plays key roles in the Advanced Security Acceleration Project for the Smart Grid (ASAP-SG), National Electric Sector Cybersecurity Organization Resources (NESCOR), and Smart Grid Interoperability Panel (SGIP).


Even though he is relatively new to penetration testing and exploit-development he has reported 30+ PoC exploits (over the past 4 months) to various software companies who produce some of the most popular Security Gateways.


Aunque conocíamos buenas herramientas como Sapyto, un framework para auditoria de sistemas SAP del que ya habíamos hablado en la comunidad, y una excelente charla que dio Mariano Nuñez Di Croce, su creador, donde habla de pentesting a sistemas SAP, seguíamos sin encontrar una metodología a seguir, por eso decidimos preguntar en Twitter si alguien conocía alguna metodología para realizar un pentest en sistemas SAP y la respuesta fue tan buena que dio lugar a la creación de este post, donde pretendemos reunir en un solo lugar, los mejores recursos que puedas llegar a necesitar cuando realices una auditoria a sistemas SAP. 2ff7e9595c


1 view0 comments

Recent Posts

See All

Comments


bottom of page