Digital Security Research Group (DSecRG) is the ERPScan research center.
The main mission of DSecRG is to conduct researches of business critical systems such as ERP, CRM, SRM, BI and others developed by SAP and other vendors. The result of this work is then integrates in ERPScan security scanner. Being on the top edge of ERP and SAP security DSecRG research helps to improve a quality of ERPScan consulting services and protects you from the latest threads.
Results of research in ERP security area is published on this site in form of Advisories, Whitepapers and blog entries.
DSecRG experts are frequent speakers in prime International conferences held in USA, EUROPE, CEMEA and ASIA such as BlackHat, HITB, SourceBarcelona, Deepsec, Confedence, Troopers, T2, Ruscrypto, Infosecurity.
DSecRG researchers gain multiple acknowledgements from biggest software vendors like SAP, Oracle, IBM, VMware, Adobe, HP, Kasperskiy, Apache, Alcatel and others for founding vulnerabilities in their solutions.
"The SAP Product Security Response Team thanks all researchers and security IT professionals that helped with discovering and solving security vulnerabilities. Their findings have helped SAP to maintain the security and safety of its customers and partners SAP systems. SAP Source
Our acknowledgements page lists those professionals we have worked with successfully in the past. We thank all security researchers for their excellent work and hope to continue the fruitful relationship between security professionals and SAP.
"The following people or organizations discovered and brought security vulnerabilities addressed by this Critical Patch Update to Oracle's attention: Alexander Polyakov of DSecRG, Alexey Sintsov of DSecRG, Dmitriy Evdokomov of DSecRG." ORACLE Source
"Oracle provides recognition to people that have contributed to our Security-In-Depth program (see FAQ). People are recognized for Security-In-Depth contributions if they provide information, observations or suggestions pertaining to security vulnerability issues that result in significant modification of Oracle code or documentation in future releases For this Critical Patch Update, Oracle recognizes Alexandr Polyakov of DSecRG for contributions to Oracle's Security-In-Depth program." ORACLE Source
"VMware would like to thank Alexey Sintsov from Digital Security Research Group [DSecRG] for reporting this issue to us. The issue is identifed as DSECRG-09-058 by Digital Security Research Group." VMWare Source
"The Hewlett-Packard Company thanks Digital Security Research Group (dsecrg.com) for reporting these vulnerabilities to email@example.com." HP
The head of DSecRG is Alexander Polyakov, who is also the CTO of ERPSCAN. He being the expert of enterprise applications and database security found a lot of vulnerabilities in the products of such vendors as SAP, Oracle and many others. Alexander wrote multiple whitepapers about enterprise application security. He is the author of book "Oracle Security from the Eye of the auditor: Attack and Defense".
DSecRG is committed to the principles of full disclosure, while the collaboration with software vendors and vulnerability publishing is carried out in accordance with the DSPolicy. This Policy regulates the relationship between the vendor and the researcher, who found the vulnerability. It also defines mutual responsibilities and the period the vendor should give a response, controls joint efforts to eliminate the vulnerability and subsequently publish a whitepaper containing full description of a problem.