Topics today include a study of the Cloud Security Alliance on the transfer of ERP applications to the cloud, as well as the improvement of Metasploit Framework 5.0 open source security testing.
According to a Cloud Security Alliance survey sponsored by Onapsis and published on Jan. 11, 69 percent of companies transfer data from enterprise resource planning platforms such as SAP and Oracle, but there are still a number of different companies. misconceptions about security.
JP Perez-Etchegoyen, president of CSA's ERP Security Working Group for Capsul and CSA, said: "Given the complexity of ERP applications, we still see organizations centering their ERP security strategy on fundamental security such as than [Identity and Access Management], [Governance Risk and Compliance] and [Segregation of Duties]. But security needs to be addressed in a holistic way, and it should take into account other aspects such as ERP customizations, ERP configurations, ERP monitoring, ERP integrations, ERP vulnerabilities and other ERP risks. "
The study found that among the security controls used to protect ERP deployments in the cloud, identity and access management controls are used by 68% of companies. Other frequently used tools include firewalls and vulnerability assessment.
Metasploit Open-source penetration testing technology has been updated with the new version 5.0, allowing researchers to test exploits against targets to see if they are at risk, to penetrate the defense measures in place .
The Metasploit 5.0 release introduces many new and improved features, including automation APIs, evasion modules, and usability enhancements. The Metasploit 5.0 update is the first major release since the release of Metasploit 4 in 2011.
Among the major new features of Metasploit 5.0, there is the backend extensibility of the structure's database, which can now be run as a REST web service. By extending the database as a Web service, several external tools can be extracted from the same database and interact with each other.