Difference between revisions of "Enterprise Business Application Vulnerability Statistics"

From OWASP
Jump to: navigation, search
m
 
(One intermediate revision by one user not shown)
Line 3: Line 3:
 
== Objective  ==
 
== Objective  ==
  
This document is the first statistics report which will be repeated annually with showing tendencies and changes in Enterprise Business Application Security area.  
+
This document is the first statistics report which will be repeated annually, showing tendencies and changes in Enterprise Business Application Security area.  
  
 
== Purpose  ==
 
== Purpose  ==
  
This document we will show a result of statistical research in the Business Application security area made by DSECRG and OWASP-EAS project. The purpose of this document is to raise awareness about Enterprise Business Application security by showing the current number of vulnerabilities found in those applications, how critical are those and what tendences we see.  
+
This document will show a result of statistical research in the business application security area made by ERPScan Research Group and OWASP-EAS project. The purpose of this document is to raise awareness about Enterprise Business Application security by showing the current number of vulnerabilities found in those applications, how critical those are and what kind of tendences we see.  
  
 
== Intro  ==
 
== Intro  ==
  
Business applications like ERP, CRM, SRM and others are one of the major topics within the field of computer security as these applications store business data and any vulnerability in these applications will cause a significant monetary loss. Nonetheless people still don’t pay much attention to Enterprise Business Application area as we see during our and our collegues research and audit data. Business applications are very large and complex systems that consists of different components such as Database server, Front-end, Web server, Application server and other parts. Also those systems lay on different Hardware and software that can have their own vulnerabilities. Overall security of Enterprise Business Application consists of different layers such as: • Network architecture security • Os security • Database security • Application security • Front-end security
+
Business applications like ERP, CRM, SRM and others are one of the major topics within the field of computer security because these applications store business data, and any vulnerability in these applications will cause a significant monetary loss. Nonetheless, people still don’t pay much attention to enterprise business application area, as we see during our and our collegues' researches and audits. Business applications are very large and complex systems that consist of different components such as Database server, Front-end, Web server, Application server and other parts. Also, those systems rely on different hardware and software that can have their own vulnerabilities. Overall security of Enterprise Business Application consists of different layers such as:  
  
Every described layer may have their own vulnerabilities that can give attacker full access to business data even if other layers are fully secured. In this document all the popular applications from described levels and their vulnerabilities vill be shown. The purpose of this document to Increase awareness of Business Application security.
+
• Network architecture security  
  
== Links  ==
+
• OS security
  
Surveys:
+
• Database security
  
[http://dsecrg.com Business applications vulnerability statistics 2009 and future trends] - Presentation by Dmitry Evdokimov and Dmityy Chastuhin
+
• Application security
  
[https://www.owasp.org/images/6/6b/SAP_Security_in_figures_-_a_global_survey_2007-2011._OWASP-EAS.pdf SAP Security In Figures – A Global Survey 2007-2011]
+
• Front-end security
  
 +
Each of the described layers may have their own vulnerabilities that can give an attacker full access to business data, even if other layers are fully secured. In this document, all the popular applications from described levels and their vulnerabilities will be shown. The purpose of this document is to increase awareness about business application security.
  
 +
== Links  ==
  
 +
Surveys:
 +
 +
[http://dsecrg.com Business applications vulnerability statistics 2009 and future trends] - Presentation by Dmitry Evdokimov and Dmitry Chastukhin
 +
 +
[https://www.owasp.org/images/6/6b/SAP_Security_in_figures_-_a_global_survey_2007-2011._OWASP-EAS.pdf SAP Security In Figures – A Global Survey 2007-2011]
  
 
Links:
 
Links:
 +
 
[http://www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid/c05604f6-4eb3-2d10-eea7-ceb666083a6a SAP SDN page with latest vulnerabilities]  
 
[http://www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid/c05604f6-4eb3-2d10-eea7-ceb666083a6a SAP SDN page with latest vulnerabilities]  
  
Line 34: Line 42:
 
== Authors  ==
 
== Authors  ==
  
Alexander Polyakov, Alexey Tuyrin, Nikolay Mescherin, Kirill Nikitenkov, Dmitriy Chastuhin, Dmitriy Evdokimov
+
Alexander Polyakov, Alexey Tyurin, Nikolay Mescherin, Kirill Nikitenkov, Dmitry Chastukhin, Dmitry Evdokimov
  
 
<br>
 
<br>
  
 
== Contributors  ==
 
== Contributors  ==

Latest revision as of 12:01, 16 September 2013

Contents

Statistics

Objective

This document is the first statistics report which will be repeated annually, showing tendencies and changes in Enterprise Business Application Security area.

Purpose

This document will show a result of statistical research in the business application security area made by ERPScan Research Group and OWASP-EAS project. The purpose of this document is to raise awareness about Enterprise Business Application security by showing the current number of vulnerabilities found in those applications, how critical those are and what kind of tendences we see.

Intro

Business applications like ERP, CRM, SRM and others are one of the major topics within the field of computer security because these applications store business data, and any vulnerability in these applications will cause a significant monetary loss. Nonetheless, people still don’t pay much attention to enterprise business application area, as we see during our and our collegues' researches and audits. Business applications are very large and complex systems that consist of different components such as Database server, Front-end, Web server, Application server and other parts. Also, those systems rely on different hardware and software that can have their own vulnerabilities. Overall security of Enterprise Business Application consists of different layers such as:

• Network architecture security

• OS security

• Database security

• Application security

• Front-end security

Each of the described layers may have their own vulnerabilities that can give an attacker full access to business data, even if other layers are fully secured. In this document, all the popular applications from described levels and their vulnerabilities will be shown. The purpose of this document is to increase awareness about business application security.

Links

Surveys:

Business applications vulnerability statistics 2009 and future trends - Presentation by Dmitry Evdokimov and Dmitry Chastukhin

SAP Security In Figures – A Global Survey 2007-2011

Links:

SAP SDN page with latest vulnerabilities

Oracle Secalert CPU page with latest vulnerabilities


Authors

Alexander Polyakov, Alexey Tyurin, Nikolay Mescherin, Kirill Nikitenkov, Dmitry Chastukhin, Dmitry Evdokimov


Contributors