Audit or Penetration testing? Find your vulnerabilities before you get hurt!

23. April 201824. July 2020 | securityblog

SAST-Blog_Audit-vs-Pentest_Abb_1804 To answer the question of which Security & Compliance check is right for you, we must first remember that the term “vulnerabilities” can refer to very different levels of your system landscape and thus refer to a number of attack vectors.

This ranges from system-side levels (e.g. operating system and network security) to the underlying database including the current parameterization of your SAP systems down to the authorizations required for operations and applications, including any SoD conflicts.

So, the first question is – how sure are you that you know where your vulnerabilities are? Continue reading →

Automated SAP Authorization Management and System Security for 50 countries

19. April 20187. July 2020 | securityblog

Takeda’s twin objectives were to accelerate and simplify its authorization assignment process while deploying a tool that was simultaneously capable of providing vulnerability monitoring for its SAP backend worldwide. Continue reading →

Are your SAP licensing costs really optimized?

27. March 20187. July 2020 | securityblog

Pressure is rising steadily for companies to keep costs down and information technology has not escaped this. In the SAP environment, licensing costs make up a particularly sizeable share of the overall IT costs and they are now being reviewed once again by many companies.

Our tip today will show you how to take the first step to reducing licensing costs yourself.

Continue reading →

Do Security Notes Live Up to Their Name?

19. March 20187. July 2020 | securityblog

SAST-Blog_SAPSecurityNotes

On every second Tuesday of each month, SAP releases new Security Notes. Many SAP administrators install these patches relatively quickly – but are they putting too much faith in the security they provide?

Very few customers know that security gaps can still be exploited.

Continue reading →

You can’t come in here…

19. February 20187. July 2020 | securityblog

Practical tip: How you can easily prevent your SAP users from being inadvertently locked out.

The parameter “icf/reject_expired_passwords” is intended to prevent SAP users from being able to log in via “http” with an expired password. So far so good…

Continue reading →

Maximum access protection for your SAP tables and ABAP programs

12. February 20187. July 2020 | securityblog

AdobeStock_105300132w_jpg The use of critical transactions is one of the most frequent items to be found on the lists of deficiencies prepared by auditors. And rightly so, since accessing SAP tables and ABAP programs with these kinds of transactions is unfortunately often associated with major security risks.

So how can you protect yourself from critical transaction accesses while ensuring your users have the permissions they need? Find out with our best practice tip.

Continue reading →

This is how to ensure a smooth migration of your SAP authorizations while simultaneously reducing your security risks

8. February 20187. July 2020 | securityblog

Motiv_es_SAST-SGM_72dpi_1612 One of the biggest challenges that any customer faces when migrating or redesigning their SAP authorizations is ensuring the continuity of their normal business operations. As a result, IT units are often wary of curtailing user rights – so as to avoid conflicts with business departments that would result from increased testing workloads or more frequent error messages.

With SAST Safe Go-Live Management, these problems are now a thing of the past.

Continue reading →

It does not always have to be platinum!

15. March 201724. July 2020 | securityblog

Implementation of authorization projects – effective and tailored for your requirements.

Motiv_es_Beratung_neue-Projektmodule_150dpi_1703 In many cases companies have to redesign their authorization management, after an audit. The requirements of the companies are often differs in terms of quality, duration and the project budget during planning phase of the projects.

No matter what priorities you set for your authorization projects, AKQUINET offers solutions that are tailored to your needs. From now on, you can choose between three defined approaches:

Continue reading →

Favored target for cyber attacks: SAP archive systems.

22. February 201724. July 2020 | securityblog

archivdaten

Checklist to secure your SAP systems.

Do you know at any time who accesses the sensitive data of your SAP archive servers? In our penetration tests we experiencing it again and again: attacks on SAP archive systems are mostly successful, not recognized and therefore not logged and reported.

Continue reading →

Reporting of SoD risks and mitigations – fast and intuitively.

10. January 20177. July 2020 | securityblog

New features for the SAST SUITE: the SAST Enhanced SoD and Control Reporting.

Every company that needs to redesign its authorizations after an audit knows the challenges: perplexed in the screening and analysis of all identified risks. Our new features for the SAST SUITE enable you to periodically report your risks and mitigations – fast and intuitively.

Continue reading →

SAP Security & Compliance

SAP Authorizations

Audit or Penetration testing? Find your vulnerabilities before you get hurt!

Automated SAP Authorization Management and System Security for 50 countries

Are your SAP licensing costs really optimized?

Do Security Notes Live Up to Their Name?

You can’t come in here…

Maximum access protection for your SAP tables and ABAP programs

This is how to ensure a smooth migration of your SAP authorizations while simultaneously reducing your security risks

It does not always have to be platinum!

Favored target for cyber attacks: SAP archive systems.

Reporting of SoD risks and mitigations – fast and intuitively.

New features for the SAST SUITE: the SAST Enhanced SoD and Control Reporting.