Onapsis releases iAnalyzer RC1 The SAP Integrity Analyzer
The Onapsis Integrity Analyzer iAnalyzer is a tool to detect modifications of ABAP code in an SAP system. As of now, it works for SAP/Oracle 10g.
This tool is important from the point of view that detection of unauthorized modifications in an SAP system can
not be performed from within the SAP system itself, because of the following reasons:
- The operations performed by the attacker may have manipulated the information available in control fields, such as the “Last modified time” property of an SAP program. This turns this information into completely untrusted.
- It is not possible to ensure that the programs used to analyze ABAP code or Audit the system from the SAP system itself have not been modified to hide the backdoor’s presence.
Using the iAnalizer, you can connect remotely to the SAP database and automatically take a security snapshot of the current state of the ABAP programs available in the SAP system. This snapshot can be saved on your local computer. Periodically, you can take new security snapshots of the targeted SAP system, and, through the comparison with older samples, the tool will notify if any of the programs was modified. This is how the tool looks:
Why is it done this way? Because analysis of the ABAP code at the database level; through an external procedure, and from a different layer is always preferred. Since, the database kernel may have also been compromised to hide the attacker’s activities.
This free tool currently only supports the following platform:
- SAP® R/3
- SAP® NetWeaver
The only thing that could hurt you if your SAP database has already been compromised is that it wont be of much help, unless you have a snapshot of the original state of the system. Together with Bizsploit and Sapyto, this tool can surely help you if not anything secure your SAP database from here on.
This Python coded tool will work on your Windows 2000/XP/Vista/Windows 7. These are its pre-requisites:
- Microsoft Visual C++ 2008 Redistributable Package
- Oracle Instant Client Package – Version 188.8.131.52.0 – Basic