Proving business-critical application security not only takes next-level solutions, it also takes thought leadership. Here you'll find a growing library of materials to help you build your business-critical application security strategy and drive your company forward, confidently.

Volume IV: The Invoker Servlet – A Dangerous Detour into SAP Java Solutions

SAP Application Servers Java, supported by the J2EE Engine, serve as the base framework for running critical solutions such as the SAP Enterprise Portal, SAP Exchange Infrastructure (XI), SAP Process Integration (PI) and SAP Mobile Infrastructure (MI). In addition, customers can also deploy their own custom Java applications on these platforms.

In December 2010, SAP released an important white-paper describing how to protect against common attacks against these applications. Among the security concepts detailed, there was one that was particularly critical: the Invoker Servlet. This functionality is subject to several threats to SAP platforms, such as the possibility of completely bypassing the authentication and authorization mechanisms.

This publication analyzes the Invoker Servlet Detour attack, identifying the root cause of this threat, how to verify whether your platform is exposed and how to mitigate it, effectively protecting your business-critical information against cyber-attacks.

DOWNLOAD NOW

Secure your 
business-critical SAP,
Oracle, Salesforce
and SaaS apps

Get a firsthand look at the visibility, reporting and automation capabilities provided by The Onapsis Platform by scheduling a personalized demo with our application security experts.

Request a demo