Centralized SAP Note downloads: making the most of the SAP Netweaver Download Service!

SAP Notes are SAP’s standard tool for supplying coding corrections. Alongside a description of the issue from a business perspective, they also include the technical solution. Security considerations also make them increasingly important for any SAP system landscape, as they provide a regular and prompt means of closing critical vulnerabilities in SAP systems, for example. The SAP Netweaver Download Service offers a number of advantages in relation to SAP Notes.

Continue reading

Interview with Ralf Kempf and Norbert Klettner – Cybersecurity in logistics: Multinational attacks on the weakest links in the chain

SAST Blog: Interview with Ralf Kempf and Norbert Klettner – Cybersecurity in logisticsHow should companies in the port and transportation logistics sector tackle cybersecurity? Can smaller and midmarket companies even protect themselves against the growing threats? Our CTO Ralf Kempf and his colleague Norbert Klettner, Managing Director of AKQUINET PORT CONSULTING, were interviewed on this subject by DVZ, a German transportation newspaper.

Continue reading

Role adjustments for technical SAP users – how to handle authorizations safely and effectively

SAST Blog: Role adjustments for technical SAP users – how to handle authorizations safely and effectively.Technical SAP users that have extensive authorizations like SAP_ALL pose a heightened security risk. Vulnerabilities can endanger interfaces and paralyze processes. As such, external auditors are intensifying their focus on authorization management. One of our customers – a company in the energy sector – recently faced the challenge of having to restrict the authorizations of its technical users (batch processing/RFC interfaces).

Continue reading

Detect and Eliminate Vulnerabilities in SAP Systems – Thanks to Security Audit and RFC Interface Analysis

SAST System Security ValidationSAP systems require special attention when it comes to their security and this is no longer news to anyone. More often than not, the ERP systems supplied from Walldorf in Baden-Württemberg store some of the most crucial and sensitive company data. That said, what is the best approach to achieving the optimum level of security? A security audit would fit the bill!

Continue reading

10KBlaze and SAP Security II: Hype & Scaremongering

10KBlaze & SAP Security: Serpenteq(Partner blog post of SERPENTEQ GmbH)
On April 19, 2019, at the OPCDE Cyber Security conference in Dubai, security researchers Dmitry Chastuhin and Mathieu Geli gave a presentation called “SAP gateway to Heaven”. They re-visited two configuration issues (related to SAP Gateway and SAP Message Server) that have been known for many years and for which detailed security guidelines have been available for years. Now the researchers applied some admirably creative thinking to combine them.

Continue reading

One step at a time: How to secure and harden your SAP Gateway

SAST SUITE: INTERFACE MANAGEMENTThe Gateway is a central communication component of an SAP system. As such, it is an attractive target for hacker attacks – and should receive corresponding protections. If the Gateway protections fall short, hacking it becomes child’s play. Despite this, system interfaces are often left out when securing IT systems. Should a cyberattack occur, this will give the perpetrators direct access to your sensitive SAP systems.

Continue reading