Why you should really get rid of old password hashes *NOW*
This blog is written in an effort to raise more awareness on securing your SAP infrastructure. In this case specifically on the topic of securing your SAP Password hashes. I will try and avoid being...
Is a brute-force attack your only concern for data loss?
You would not be surprised to hear that another retailer had been hacked and information about many customers was compromised. We hear this kind of information several times per year sensationalized...
Why current SAP Security Guides are not perfect?
For the first time, let us try to speak only about defense. Thus, this article will be about different guidelines, which can help to secure your SAP system. But nothing to worry about - this post will...
Collaborate security and functional consultants using stauthtrace for SAP APO
Being a basis consultant, it was a challenge to take up the SAP APO security roles building exercise for an implementation project. I knew how to make roles and edit authorization objects for ECC, but that...
Segregating Warehouse Responsibilities
Segregating Warehouse Responsibilities using standard Inventory Management and Warehouse management authorizations. Background/Situation: In certain situations there can be a requirement to separate...
Locate the work process from ICM trace for HTTP logon issue
For most SSO issues, the Logon Trace is needed to find the root cause. In an ABAP system, actually, the logon trace is the development trace of the work process. Normally we use the important Note #495911 -...
Best Practices for Roles Transport in AS ABAP system
Guidelines for role transports: I am here trying to compile different scenarios (as much as possible); please share comments and add-ons on the same...
THINK Security: Towards a new horizon
It is interesting to watch the security world undergoing a dramatic change. The classic world of protecting the good SAP system against the evil with a good firewall and relying on the closed SAP ABAP...
Quantum Dawn: When Cyber Attack Wargames will teach you SAP Security
In 2012, American agencies under the lead of SIFMA were running the first cyber-attack stress test on financial institutions on Wall Street. One year later, it was repeated in London, with a broader...
Designing for Security
There are two distinct ways on how you can build security into your software: have your software tested and/or hacked, and start applying technology to plug the holes and keep the bad guys out - think...
Penetration Test: The quieter you become the more you are able to hear
When my little but big company, that I started 10 years ago and foster ever since, started the venture last year to change the scope of our company from SAP PI, Basis, Data Center Consulting and...
Upcoming Ramp-Up for SAP Enterprise Threat Detection
Over the last few years there have been indications of rising interest in SAP systems by white hatters and black hatters, and I guess any color in between. In any case the world has got more dangerous...
New era of SAP security strategy: A close look at an advanced cyber defense...
This is a close look at the advanced cyber defense portfolio of Telekom and T-Systems. I once had a long term and intense 3-year project with T-Systems and there are still strong ties between me and the...
Join us in our new live Webinar! “Security in an age of Big Data and...
With all recent reports about cyber-crime and security breaches, is it any wonder that companies are worried about their assets, or seeking better opportunities to estimate their risk of being...
Shellshock – Lessons Learned for SAP Customers
I have been following the news on the Shellshock vulnerability the last few days (more information here, here, here, and here) - the vulnerability affects millions of systems and devices. And, a lot of...
SAP Enterprise Threat Detection is now in Ramp-up
A bundle of information about the solution can be found at http://scn.sap.com/docs/DOC-58501. Formalities over, why bother with yet another security product? I have had the same model of Swiss Army...
On the way to granularity
Let’s start with S_TABU_DIS and S_TABU_NAM. We still remember the times when it was not so easy to authorize for generic tools for the access to database tables (transactions such as SE16, SE17, SM30,...
DBMS Users in SAP NetWeaver AS ABAP 7.40
With SAP NetWeaver Application Server ABAP 7.40 it is possible to synchronize ABAP Users to a DBMS system, especially to SAP HANA. This blog describes the configuration steps that are necessary to set...
Treatment of Authorization Object S_RFC in SU24
Recently I experienced an issue with the S_RFC authorization object. I am writing this blog to share information and experience that if the S_RFC object is maintained as Proposal YES even then this object is not...
It's Easy to Create an Attack Detection Pattern
SAP delivers attack detection patterns with SAP Enterprise Threat Detection, and in the course of time there will be more. However, you need to have the possibility to get patterns from elsewhere – and...