Knock, knock! What if a hacker has already broken in when your IT auditor is at the door?

SAST Blog: What if a hacker has already broken in when your IT auditor is at the door? The procedure is well-known at SMEs and large companies: Every year, the auditor comes around for the IT audit, which is carried out as part of the annual overall review. The general objective is to ensure the security and integrity of the audited system (usually the SAP system used for accounting) and to identify potential risks. A management letter then describes follow-up measures to mitigate these risks in future. But does this approach still make sense today?

Continue reading

Monitoring SAP system settings centrally – how LINDE keeps an eye on all its SAP systems simultaneously

SAST Blog: Monitoring SAP system settings centrally – how LINDE keeps an eye on all its SAP systems simultaneouslyIncorrect parameter settings in the SAP system, operating system, or database often result in serious security deficiencies. Numerous companies using a central auditing policy developed as a document are up against the same challenges. Typically, parameter values are compared manually with the target requirements, which of course is time consuming. This a lot of effort even just for one single system. As you might imagine, making the comparisons on system-landscape level is that much more complicated. By centralizing monitoring with an automated solution, you can use resources more efficiently while boosting your IT security.

Continue reading

Vulnerability Scan, Audit, or Penetration Test: Find the right method for identifying vulnerabilities.

SAST Blog: Vulnerability Scan, Security Audit, or Penetration Test: Finding the Right Method for Identifying Vulnerabilities. There are many methods for assessing the risk potential of SAP landscapes and identifying potential vulnerabilities, so it isn’t always easy to keep track of all the alternatives. Options range from vulnerability scans to audits and penetration tests. But which approach is the right one for identifying vulnerabilities depends entirely on your individual requirements.

Continue reading

How to plan and carry out your SAP System Audit with SAST Risk and Compliance Management

SAST Blog: How to Plan and Carry Out Your SAP System Audit with SAST Risk and Compliance ManagementThe complexity of SAP systems often makes it difficult for administrators to keep track of all their facets. How can an SAP system audit be planned constructively, for example? The SAST SUITE gives you sophisticated analysis methods to identify vulnerabilities quickly, before they can be exploited. The SAST SUITE also offers a wide variety of functions for analyzing and increasing the security of your SAP systems.

Continue reading

Detect and Eliminate Vulnerabilities in SAP Systems – Thanks to Security Audit and RFC Interface Analysis

SAST System Security ValidationSAP systems require special attention when it comes to their security and this is no longer news to anyone. More often than not, the ERP systems supplied from Walldorf in Baden-Württemberg store some of the most crucial and sensitive company data. That said, what is the best approach to achieving the optimum level of security? A security audit would fit the bill!

Continue reading

Unprotected interfaces are attractive Targets for attackers.

shutterstock_331648835_akqw_jpgAnalyze the RFC interfaces of your SAP Systems.

SAP interfaces are often not considered when SAP systems are protected. Therefore, they remain unprotected and provide attractive targets for attackers.

Experience from numerous SAP security audits and penetration tests for SAP systems shows repeatedly that, in almost every SAP system checked, unprotected interfaces exist that could allow attackers direct access to your SAP Systems.

Continue reading