SNC encryption made easy: SAP security even without SSO

SAST Blog: SNC encryption made easy: SAP security even without SSOTo secure and encrypt customer networks, SAP offers the SNC (Secure Network Communications) interface with which users can log in to SAP systems without having to enter a user name or password. In the standard system, SAP login credentials are transmitted in clear text. The SNC interface routes calls through the SAP Cryptographic Library, to encrypt all communications between the SAP GUI and the SAP server. This enables secure individual logins for SAP.

Continue reading

SAP Security: five ways to make sure you’ll be hacked

Hacker attacks threaten SAP security: All alarmist nonsense?(A guide of the less serious sort.)
Let’s be honest right off the bat: There’s a lot of hype in the media about IT security in general and SAP security in special these days. But is there really anything behind it? Those headlines about millions of data records going missing always affect someone else – whether it’s Equifax across the pond or the big tech companies that have been infiltrated by organized groups of Chinese hackers. It’s all alarmist nonsense!

Continue reading

SAP Security & Compliance: “Customers need Solution Providers.”

SAST SOLUTIONS from AKQUINET honored with Softshell Vendor Award in GoldStarted with two modules in 2006, the SAST SOLUTIONS portfolio now comprises a comprehensive combination of software, consulting and service, and offers a holistic solution for safeguarding SAP systems. In this interview, Managing Director Bodo Kahl talks about the topics that concern himself as well as the entire industry, and describes the qualities that characterize a good service provider for SAP security and compliance today.

Continue reading

SAP Security & Compliance: Challenges in the Context of S/4HANA, Code Security, and the Cloud

SAST DAYSThey say that major events cast a shadow that portends their arrival. In SAP environments, this applies in particular to the transition to S/4HANA, which companies will need to make before maintenance for SAP ERP expires in 2025.

As we covered this pending migration from various perspectives at our SAST DAYS 2019 event, interest in the topics of authorizations and code security was especially high. Let’s take a look back at those exciting days, which presented a balanced mix of current challenges and assorted solutions.

Continue reading

Self-Adjusting Authorizations: SAST SOLUTIONS’s new tool intelligently slims down SAP roles

SAST-SUITE_Self-Adjusting AuthorizationsCompanies find themselves challenged again and again by the immense effort required to keep employee SAP authorizations up to date during day to day business. Our new SAST SUITE module, Self-Adjusting Authorizations, takes an intelligent approach to solving the most frequent problems: It removes unused transactions automatically, increasing both compliance security and protection against data misuse, in turn reducing administrative effort.

Continue reading

Code injection by logical databases

SAST Code Security AdvisorLogical databases were once very popular. Complex selections were relatively easy to portray and effort-intensive reports were unnecessary. Users also appreciated the way dynamic selection worked, which encouraged developers to use the technique more and more. Starting from Version 7.50, SAP has now declared logical databases obsolete. Consequently, it advised against creating new logical databases, but allowed the old ones to continue as if nothing had happened. This, however, is a security risk that could impact any report.

Continue reading