SAP has developed a new product, SAP UI Data Security, to support data protection requirements in the SAP environment. UI Data Security comprises two components: UI Masking and UI Logging.
Continue reading
SAP Security
Managed Service: The Booster for your SAP Security & Compliance
Checking for vulnerabilities, flawed configurations, and critical authorizations on a regular basis is the only reliable way to ensure SAP system security. Dedicated efforts to safeguard SAP environments, however, are both technically complex and contingent upon having a great deal of time and personnel. That’s why a managed service presents an attractive alternative.
Gunar Funke, head of SAP Manages Services SAST SOLUTIONS at AKQUINET, recently sat down with us to talk about why a managed service solution makes particular sense in the context of SAP security and what’s involved with regard to SAST SUITE.
SAP Application Server Encryption via TLS
To achieve the most comprehensive protection possible against potential attacks in SAP environments (and deal with those that do occur), encryption mechanisms and up-to-date cryptography libraries are required using TLS.
10KBlaze and SAP Security II: Hype & Scaremongering
(Partner blog post of SERPENTEQ GmbH)
On April 19, 2019, at the OPCDE Cyber Security conference in Dubai, security researchers Dmitry Chastuhin and Mathieu Geli gave a presentation called “SAP gateway to Heaven”. They re-visited two configuration issues (related to SAP Gateway and SAP Message Server) that have been known for many years and for which detailed security guidelines have been available for years. Now the researchers applied some admirably creative thinking to combine them.
10KBLAZE and SAP Security I: All Quiet on the Western Front
Since May 2, 2019, the market for SAP security has known only one topic: the 10KBLAZE exploit toolkit, which has even prompted a warning from the U.S. Department of Homeland Security. Upon closer examination, however, it quickly becomes apparent that there’s not much news to report.
SAP Security & Compliance: Challenges in the Context of S/4HANA, Code Security, and the Cloud
They say that major events cast a shadow that portends their arrival. In SAP environments, this applies in particular to the transition to S/4HANA, which companies will need to make before maintenance for SAP ERP expires in 2025.
As we covered this pending migration from various perspectives at our SAST DAYS 2019 event, interest in the topics of authorizations and code security was especially high. Let’s take a look back at those exciting days, which presented a balanced mix of current challenges and assorted solutions.
Authorizations for batch processing in NetWeaver and S/4HANA environments
Despite the increasing use of web interfaces in the context of S/4HANA, batch processing is still required for mass data. However, our experience in customer projects has shown that very few administrators know how manage authorizations properly in such scenarios. SAP OSS Note 101146 offers a good overview in this regard. In this blog post, we want to provide a condensed explanation of how the practical aspects interrelate.
How can I quickly migrate SAP custom code to S/4HANA?
According to recent investment reports from the German SAP User Group (DSAG), up to 80 percent of the companies it surveyed intend to migrate their SAP systems to S/4HANA in the next several years. Certainly a bold endeavor. To minimize internal effort, the recommendation is to eliminate legacy issues – for example ABAP custom code – before the migration takes place.
Why passwords are pricey – and how you can still keep costs down
A password is both a blessing and a curse. The blessing is that it permits relatively secure authentication. The curse is that because the complex passwords required for secure login are often too hard to remember, even for those with good memories. A forgotten password is annoying for users. It also costs a lot of money. Read more to learn just how high the costs can be and how you can avoid them.
C/4HANA – how does security work for this? Our take.
C/4HANA is the name of the newest product in the SAP portfolio. The company based in Walldorf, Germany, promises nothing less than a revolution of customer experience. But is C/4HANA secure? And what does “C/4HANA” mean, anyway?