SAP February patch day: Highly critical vulnerability in core component threatens central SAP products (key word: ICMAD) – act immediately!

SAST Blog: Act immediately to remedy the Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Knowledge Management!A major security vulnerability, which has been assigned a top severity rating, threatens SAP ERP 6.0, S/4HANA, NetWeaver, and Web Dispatcher, among others. The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has issued an alert warning of potential attacks on SAP products. Patch your SAP systems IMMEDIATELY!

Continue reading

How the skilled use of SAP wildcard characters can shed light on the analysis of the SAP authorization system

How the skilled use of SAP wildcard characters can shed light on the analysis of the SAP authorization systemFor SAP experts worldwide, data display tools like the Data Browser (SE16), Quick Viewer (SQVI), and Query Start (SQ00) are basic components of their everyday work. They have become accustomed to using selection screens, variants, and ALV functions in the output lists of the Data Browser. In this post, we’ll show you examples from the SAP authorization system that illustrate less well-known possibilities for finding what you need in large datasets through the skilled use of wildcard characters during selection.

Continue reading

Why are SIEM tools blind to SAP? An interesting question, and not only for operators of critical infrastructure who are migrating to SAP S/4HANA.

Ralf Kempf (SAST SOLUTIONS)Cybersecurity is a hot topic right now: increasing numbers of external attacks on company networks during the pandemic and the further professionalization of the attackers have made it even more important. In recent months, we’ve been reading about attacks on companies almost every day, which have suffered consequences up to and including total shutdowns that lasted for days. What elements of SAP security have changed, for whom is Germany’s IT Security Act 2.0 relevant, how can you take this account during migration to SAP S/4HANA, and what can every company do to improve SAP security?

Continue reading

SAST SOLUTIONS receives the award “Top Identity and Access Management Solution Provider in Europe 2021”

SAST Blog: Award win: Top IAM Solution Provider in Europe 2021.The december issue of Enterprise Security Magazine focuses on IAM solution providers in Europe. It aims to identify the emerging players in the IAM space and showcase their expertise in solving impediments and overcoming market complexities. We are delighted to have won with the topic “Real-Time Identity and Access Management for SAP Systems” the award for “Top IAM Solution Provider in Europe 2021” in this context!

Continue reading

SAP Cyber Security: Five questions and answers about effectively monitoring SAP systems

SAST Blog: SAP Cyber Security: Five questions and answers about effectively monitoring SAP systemsDo companies need a comprehensive security strategy for their SAP systems? The objective should be the integration into the bigger picture. Due to the lack of structures for overall security, however, security measures on a smaller scale are frequently omitted. It is therefore necessary to optimize internal control systems and – particularly for securing SAP systems – and to establish comprehensive monitoring. Learn more open the interplay of point in time and time frame of the security monitoring.

Continue reading

Think about updating your authorization roles in your SAP S/4HANA project!

SAP S/4HANA authorizations: brownfield or greenfieldMany companies are currently faced with the task of converting their SAP systems to SAP S/4HANA, because their ERP maintenance will be discontinued in the foreseeable future. Project planning usually only takes technical and organizational aspects into account, however; crucial security topics aren’t given enough priority. As a result, the implementation of the authorization concept and adaptation of the authorization roles often end up at the end of the line.

Continue reading

Rectify your top findings before the external auditors arrive!

Rectify your top findings before the external auditors arrive!Once a year, as every SAP administrator and security manager knows, the annual external audit is a given. Despite this, the current risk situation of the SAP systems is often uncertain. Have all the vulnerabilities from the last audit really been taken care of? Have new risks arisen in the meantime? If you don’t take active countermeasures, you might end up in the same situation again and again.

Continue reading