Organizational, technical or a workload problem?
All sorts of problemsBad things can happen to your authorization concept for many reasons:The security department lacks the education and skillThe security department is understaffedExternal service...
View ArticleClik here to view.
Penetration Test: The quieter you become the more you are able to hear
When my little but big company, that I started 10 years ago and foster ever since, started the venture last year to change the scope of our company from SAP PI, Basis, Data Center Consulting and...
View ArticleSAP Web Dispatcher's increasing importance in security
In this blog I wrote about SAP Web Dispatcher's useful features and its increasing importance in security, especially with mobility Are you loving your SAP Web Dispatcher enough?
View ArticleClik here to view.
Penetration Test: The quieter you become the more you are able to hear
When my little but big company, that I started 10 years ago and foster ever since, started the venture last year to change the scope of our company from SAP PI, Basis, Data Center Consulting and...
View ArticleClik here to view.
SAP Cloud Identity - New Capabilities Available with the Latest Release
With the latest release of the SAP Cloud Identity we offer several new capabilities:extended brandingsocial loginresponsive user interfaces registration form setupSAML trust configuration...
View ArticleClik here to view.
Overview of the SAP technology security portfolio with a SAP HANA context
Hi,I get often asked how the SAP technology security portfolio relates to SAP's platform strategy. That is why I am writing this blog.In the center should be always the user, who wants to access...
View ArticleSAP’s Crypto Kernel receives FIPS 140-2 certificate
Finally! After a very long waiting period SAP has received the FIPS 140-2 certificate for the SAP SSO 2.0 Secure Login Library Crypto Kernel.You can find further details at...
View ArticleClik here to view.
How would you like to help shape our security documentation?
You may have seen the wiki that I help manage, Home of TCP-IP Ports. I want to take the TCP/IP port documentation in a new direction and I am looking for you to give me feedback. Interested? Either...
View ArticleAttack Detection Patterns of SAP Enterprise Threat Detection
Attack detection patterns are what powers the ability of SAP Enterprise Threat Detection to alert you to suspicious activity in your network. The patterns were created by our experts to uncover a...
View ArticleClik here to view.
SAP vulnerabilities highlighted in many reports such as HP Cyber Risk Report...
Recently, HP published their yearly Cyber Risk Report 2015. Having many typical things spotlighted in this report such as growing number of ATM and IOT Security events, we have found some parts that...
View ArticleSAP NetWeaver ABAP security configuration part 3: Default passwords for...
For the two previous weeks we’ve been discussing the top-9 critical areas [1] and the 33 steps to be taken for security assessment [2]. Ultimately, we’ve covered patch management flaws - the first...
View ArticleSAP NetWeaver ABAP security configuration part 4: Unnecessary functionality
In our previous articles we’ve already presented you the list of the 9 most important business application security critical issues [1], covered patch management flaws [2] and provided the information...
View ArticleSAP Security Notes May 2015
SAP has released the monthly critical patch update for May 2015. This patch update closes a lot of vulnerabilities in SAP products, some of them belong in the SAP HANA security area. This month, three...
View ArticleClik here to view.
SAP NetWeaver ABAP Security Configuration Part 5: Open remote management...
Today we are going on with our series of articles where we describe the 33 steps to security. In our previous articles we’ve already presented you the list of the 9 most important business application...
View ArticleSAP NetWeaver ABAP Security Configuration Part 6: Insecure Settings
In our previous articles we’ve already presented you the list of the 9 most important business application security critical issues [1], covered patch management flaws [2], provided the information...
View ArticleClik here to view.
Securing SAP Systems from XSS vulnerabilities Part 1: Introduction
With this article we are starting new series of posts giving a review of one of the most frequent vulnerability which affects a lot of SAP modules: cross-site scripting, or XSS. XSS is by far one of...
View ArticleSAP NetWeaver ABAP Security Configuration Part 7: Access control and SOD...
In our previous articles we’ve already provided you the list of the 9 most important business application security critical issues [1], covered patch management flaws [2], present the information...
View ArticleSAP Security Notes June 2015
SAP has released the monthly critical patch update for June 2015. This patch update closes a lot of vulnerabilities in SAP products. The most popular vulnerability is Missing Authorization Check. This...
View ArticleNot So Simple
Not So Simple Anyone who is somehow connected to SAP world must have noticed the new message pushed by SAP to their customers: “Simple”. Even their latest flagship product S/4 HANA has it in its name....
View ArticleClik here to view.
Protecting your crown jewels - Security with HANA and Enterprise Threat...
SAP has launched their Version 1.0 of their new Security Product “SAP Enterprise Threat Detection” (ETD) earlier this year.It is a brand new product based on SAP HANA that adds a complete different...
View Article