SAP is planning to move all its customers to cloud systems. Its software is used by most midsize and larger companies in the German-speaking countries, including around half of all the businesses in Germany alone. Making the transition requires solid planning and entails a tremendous amount of organizational effort on the part of IT managers.
Detect and Eliminate Vulnerabilities in SAP Systems – Thanks to Security Audit and RFC Interface Analysis
SAP systems require special attention when it comes to their security and this is no longer news to anyone. More often than not, the ERP systems supplied from Walldorf in Baden-Württemberg store some of the most crucial and sensitive company data. That said, what is the best approach to achieving the optimum level of security? A security audit would fit the bill!
SAP Security & Compliance: “Customers need Solution Providers.”
Started with two modules in 2006, the SAST SOLUTIONS portfolio now comprises a comprehensive combination of software, consulting and service, and offers a holistic solution for safeguarding SAP systems. In this interview, Managing Director Bodo Kahl talks about the topics that concern himself as well as the entire industry, and describes the qualities that characterize a good service provider for SAP security and compliance today.
RFC Interfaces in SAP Landscapes: An Overview
Do you have an overview of the RFC interfaces in your SAP systems? The larger the company, the more interfaces there are. Unfortunately, these are often not taken into account when securing IT systems, thereby allowing hackers free access to sensitive data. The name of the game for SAP managers is therefore: Clean up and check.
UI Data Security ensures conformity in SAP system data protection
SAP has developed a new product, SAP UI Data Security, to support data protection requirements in the SAP environment. UI Data Security comprises two components: UI Masking and UI Logging.
Continue reading
Managed Service: The Booster for your SAP Security & Compliance
Checking for vulnerabilities, flawed configurations, and critical authorizations on a regular basis is the only reliable way to ensure SAP system security. Dedicated efforts to safeguard SAP environments, however, are both technically complex and contingent upon having a great deal of time and personnel. That’s why a managed service presents an attractive alternative.
Gunar Funke, head of SAP Manages Services SAST SOLUTIONS at AKQUINET, recently sat down with us to talk about why a managed service solution makes particular sense in the context of SAP security and what’s involved with regard to SAST SUITE.
SAP Security and Hosting: Hacking 40 SAP Systems in One Fell Swoop
In spite of the hype surrounding the cloud, the on-premise model in which customers run their own SAP software is still the norm. However, that doesn’t rule out a service provider handling part of the operations; indeed, hosting is a widely used model, particularly among SMEs. While the roles at hand are usually clearly assigned in a hosting model like this, the same unfortunately doesn’t always apply to SAP system security.
SAP Application Server Encryption via TLS
To achieve the most comprehensive protection possible against potential attacks in SAP environments (and deal with those that do occur), encryption mechanisms and up-to-date cryptography libraries are required using TLS.
10KBlaze and SAP Security II: Hype & Scaremongering
(Partner blog post of SERPENTEQ GmbH)
On April 19, 2019, at the OPCDE Cyber Security conference in Dubai, security researchers Dmitry Chastuhin and Mathieu Geli gave a presentation called “SAP gateway to Heaven”. They re-visited two configuration issues (related to SAP Gateway and SAP Message Server) that have been known for many years and for which detailed security guidelines have been available for years. Now the researchers applied some admirably creative thinking to combine them.
10KBLAZE and SAP Security I: All Quiet on the Western Front
Since May 2, 2019, the market for SAP security has known only one topic: the 10KBLAZE exploit toolkit, which has even prompted a warning from the U.S. Department of Homeland Security. Upon closer examination, however, it quickly becomes apparent that there’s not much news to report.