{"id":850,"date":"2019-05-10T11:04:28","date_gmt":"2019-05-10T09:04:28","guid":{"rendered":"https:\/\/sast-blog.akquinet.com\/?p=850"},"modified":"2020-07-24T11:26:21","modified_gmt":"2020-07-24T09:26:21","slug":"10kblaze-and-sap-security","status":"publish","type":"post","link":"https:\/\/sast-solutions.com\/blog-en\/2019\/05\/10\/10kblaze-and-sap-security\/","title":{"rendered":"10KBlaze and SAP Security II: Hype &#038; Scaremongering"},"content":{"rendered":"<p><strong><img loading=\"lazy\" decoding=\"async\" class=\"alignleft wp-image-851 size-medium\" title=\"10KBlaze &amp; SAP Security: Serpenteq\" src=\"https:\/\/sast-blog.akquinet.com\/wp-content\/uploads\/2019\/05\/Security_Serpenteq-300x188.jpg\" alt=\"10KBlaze &amp; SAP Security: Serpenteq\" width=\"300\" height=\"188\" srcset=\"https:\/\/sast-solutions.com\/blog-en\/wp-content\/uploads\/2019\/05\/Security_Serpenteq-300x188.jpg 300w, https:\/\/sast-solutions.com\/blog-en\/wp-content\/uploads\/2019\/05\/Security_Serpenteq-768x481.jpg 768w, https:\/\/sast-solutions.com\/blog-en\/wp-content\/uploads\/2019\/05\/Security_Serpenteq-1024x641.jpg 1024w, https:\/\/sast-solutions.com\/blog-en\/wp-content\/uploads\/2019\/05\/Security_Serpenteq.jpg 1920w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/strong><em>(Partner blog post of SERPENTEQ GmbH)<\/em><br \/>\nOn April 19, 2019, at the OPCDE Cyber Security conference in Dubai, security researchers Dmitry Chastuhin and Mathieu Geli gave a presentation called \u201c<u><a href=\"https:\/\/github.com\/comaeio\/OPCDE\/tree\/master\/2019\/Emirates\/(SAP)%20Gateway%20to%20Heaven%20-%20Dmitry%20Chastuhin%2C%20Mathieu%20Geli\" target=\"_blank\" rel=\"noopener noreferrer\">SAP gateway to Heaven<\/a><\/u>\u201d. They re-visited two configuration issues (related to <em>SAP Gateway<\/em> and <em>SAP Message Server<\/em>) that have been known for many years and for which detailed security guidelines have been available for years. Now the researchers applied some admirably creative thinking to combine them.<\/p>\n<p><!--more--><\/p>\n<p>They demonstrated that the default configuration of the SAP Gateway\u2019s <em>secinfo<\/em> file can lead to a vulnerability if the SAP Message Server configuration is insecure (which is the case in the default config). Their talk was delivered in great technical detail and they also released python scripts as PoC. So far so good.<\/p>\n<p>Unfortunately, in the wake of this talk, a wave of press releases and a flood of \u201cyou are doomed\u201d mails have been unleashed onto companies running SAP by some security companies (which appear to have no part in the research work of Dmitry Chastuhin and Mathieu Geli).<\/p>\n<p>If you read these virtually apocalyptical messages, you may come to think that your company\u2019s SAP servers will be hacked any second via the Internet.<\/p>\n<h2><strong>What is really the hype about 10KBLAZE?<\/strong><\/h2>\n<p>We write this blog post in order to share important facts and reduce the current level of uncertainty. The information in this blog is backed up by experienced experts from two other SAP security companies (EUROSEC and akquinet).<\/p>\n<p>First of all: <strong>if you configure your SAP Gateway securely, even an insecure SAP Message Server configuration will NOT expose your gateway to remote code execution.<\/strong><\/p>\n<p>Dmitry Chastuhin and Mathieu Geli correctly state in their talk that the secinfo setting can lead to a vulnerability if the SAP Message Server configuration is insecure. However, the secinfo setting USER-HOST=<em>LOCAL<\/em> is secure, no matter what you do with a SAP Message Server. But for some mysterious reason, there is no trace of this information in any of the press releases and warning mails.<\/p>\n<p>The value <em>INTERNAL<\/em> means that all server instances in the SID cluster (which you can join via SAP Message Server) can connect to the SAP Gateway. This may be a problem. And in most cases customers actually need this setting in productive use.<\/p>\n<p>The value <em>LOCAL<\/em> , however, means that only the network cards of the server instance running the SAP Gateway can connect to its gateway. If you configured your secinfo settings this way, no one can exploit your SAP Gateway over the network. Neither from the outside nor from the inside.<\/p>\n<p>And to make that clear as well, the gateway attack described in the talk requires network access to the SAP Gateway. And unless your admins are reckless daredevils, your gateway is only accessible from within your intranet. Granted, this won\u2019t protect your company from harm, but it keeps the attack surface manageable.<\/p>\n<h2><strong>Successful hacker attacks don&#8217;t come by chance<\/strong><\/h2>\n<p>But apart from this, a successful attack requires several other preconditions, as explained in the following.<\/p>\n<p>In the past, all functionality of SAP Message Server was exposed to clients via a single port. This included the capability to register application servers and was a bad idea. SAP changed this behavior years ago. SAP Note 1421005 deals with the secure configuration of SAP Message Server. Since clients need to be able to connect to a SAP Message Server, access to critical functionality (such as server registration) was delegated to a separate port &#8211; the <em>internal port<\/em>. Of course, this port (TCP 39XX) needs to be protected from client access. Otherwise it would make little sense to spilt access.<\/p>\n<p>But even if this port is accessible, the SAP Message Server can still be protected by proper ACL configurations. (See SAP Notes 821875 and 1495075). This ACL configuration is the best line of defense. It should contain a white list of all application server instances that are allowed to access the SAP Message Server. This prevents any access from unwanted systems (with network access).<\/p>\n<p>If you run a SIEM solution, it also makes sense to activate logging on the SAP Message Server, so you can quickly detect attempts to attack you.<\/p>\n<h2><strong>These are the security risks associated with 10KBLAZE<\/strong><\/h2>\n<p>Now what exactly is the risk? The following preconditions are required for remote code execution:<\/p>\n<ol>\n<li>The SAP Message Server internal port (39XX) is exposed to clients \/ the intranet.<\/li>\n<li>The SAP Message Server ACL is not (securely) configured. Unfortunately this is the SAP default setting.<\/li>\n<li>The SAP Gateway secinfo configuration uses USER-HOST= <em>INTERNAL<\/em> or is in itself configured insecurely. In the latter case companies are vulnerable no matter how their SAP Message Server is configured.<\/li>\n<li>An attacker needs physical access to the network (unless the gateway is exposed to the Internet).<\/li>\n<\/ol>\n<p><strong>Only if all four conditions apply, the 10KBlaze attack poses an additional risk to your company.<\/strong><\/p>\n<p>Another reason to make sure that your SAP Message Server is sufficiently protected is the \u201cbonus attack\u201d discussed in the talk: An untrusted application server &#8211; registered via an unprotected message server &#8211; would be able to steal login credentials. Unless a company uses SNC (Secure Network Communication).<\/p>\n<p>We worked with some of our customers to cool down the panic-mode caused by the press releases. So far we haven\u2019t seen any additional risks arising from 10KBlaze.<\/p>\n<p><strong>Our advice<\/strong>: if your SAP admins even remotely pay attention to SAP Notes, it is very likely that the exploits shown by the two researchers have no adverse effect. You should check your settings nonetheless. But do it with calm and serenity.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-853 size-medium\" title=\"Xu Jia (Serpenteq)\" src=\"https:\/\/sast-blog.akquinet.com\/wp-content\/uploads\/2019\/05\/Xu-Jia-300x300.jpg\" alt=\"Xu Jia (Serpenteq)\" width=\"300\" height=\"300\" srcset=\"https:\/\/sast-solutions.com\/blog-en\/wp-content\/uploads\/2019\/05\/Xu-Jia-300x300.jpg 300w, https:\/\/sast-solutions.com\/blog-en\/wp-content\/uploads\/2019\/05\/Xu-Jia-150x150.jpg 150w, https:\/\/sast-solutions.com\/blog-en\/wp-content\/uploads\/2019\/05\/Xu-Jia-768x768.jpg 768w, https:\/\/sast-solutions.com\/blog-en\/wp-content\/uploads\/2019\/05\/Xu-Jia-800x800.jpg 800w, https:\/\/sast-solutions.com\/blog-en\/wp-content\/uploads\/2019\/05\/Xu-Jia.jpg 1024w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/>\u00a0 <img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-852 size-medium\" title=\"Andreas Wiegenstein (Serpenteq)\" src=\"https:\/\/sast-blog.akquinet.com\/wp-content\/uploads\/2019\/05\/Andreas-Wiegenstein-300x300.jpg\" alt=\"Andreas Wiegenstein (Serpenteq)\" width=\"300\" height=\"300\" srcset=\"https:\/\/sast-solutions.com\/blog-en\/wp-content\/uploads\/2019\/05\/Andreas-Wiegenstein-300x300.jpg 300w, https:\/\/sast-solutions.com\/blog-en\/wp-content\/uploads\/2019\/05\/Andreas-Wiegenstein-150x150.jpg 150w, https:\/\/sast-solutions.com\/blog-en\/wp-content\/uploads\/2019\/05\/Andreas-Wiegenstein.jpg 512w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><br \/>\n<strong>Xu Jia &amp; Andreas Wiegenstein (SERPENTEQ GmbH)<\/strong><\/p>\n<p><a href=\"https:\/\/www.serpenteq.com\/en\/#home\" target=\"_blank\" rel=\"noopener noreferrer\">SERPENTEQ GmbH<\/a> comprises experienced security analysts that have reported several hundred so-called &#8220;Zero Day&#8221; vulnerabilities in standard software to the respective vendors and helped mitigating them. Our core area of security expertise lies in SAP technologies and code audits of exposed systems of any technological kind.<\/p>\n<p>Do you have questions on this topic? Or are you interested in further information about the SAST SOLUTIONS portfolio? We invite you to explore our <a href=\"https:\/\/www.sast-solutions.de\/index-2.jsp\" target=\"_blank\" rel=\"noopener noreferrer\">SAST SOLUTIONS website<\/a> or contact us directly: <a href=\"mailto:sast@akquinet.de\">sast@akquinet.de<\/a><\/p>\n<p>&nbsp;<\/p>\n<h2><strong>This might also be of interest to you:<\/strong><\/h2>\n<p><a href=\"https:\/\/sast-blog.akquinet.com\/2019\/05\/10\/10kblaze-sap-security\/\">10KBLAZE and SAP Security I: All Quiet on the Western Front<\/a><\/p>\n<p><a href=\"https:\/\/sast-blog.akquinet.com\/2019\/04\/04\/sap-security-compliance-challenges-s-4hana-code-security-and-the-cloud\/\">SAP Security &amp; Compliance: Challenges in the Context of S\/4HANA, Code Security, and the Cloud<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>(Partner blog post of SERPENTEQ GmbH) On April 19, 2019, at the OPCDE Cyber Security conference in Dubai, security researchers Dmitry Chastuhin and Mathieu Geli gave a presentation called \u201cSAP gateway to Heaven\u201d. They re-visited two configuration issues (related to SAP Gateway and SAP Message Server) that have been known for many years and for [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8],"tags":[25,58,61,80],"class_list":["post-850","post","type-post","status-publish","format-standard","hentry","category-sap-threat-detection","tag-cyber-attack","tag-real-time-monitoring","tag-rfc-interface","tag-sap-security"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>10KBlaze and SAP Security II: Hype &amp; Scaremongering<\/title>\n<meta name=\"description\" content=\"What is the point of the discussion about 10KBLAZE? Find out everything about the background and how you can ensure secure SAP systems.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/sast-solutions.com\/blog-en\/2019\/05\/10\/10kblaze-and-sap-security\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"10KBlaze and SAP Security II: Hype &amp; Scaremongering\" \/>\n<meta property=\"og:description\" content=\"What is the point of the discussion about 10KBLAZE? Find out everything about the background and how you can ensure secure SAP systems.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/sast-solutions.com\/blog-en\/2019\/05\/10\/10kblaze-and-sap-security\/\" \/>\n<meta property=\"og:site_name\" content=\"SAST BLOG\" \/>\n<meta property=\"article:published_time\" content=\"2019-05-10T09:04:28+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2020-07-24T09:26:21+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/sast-solutions.com\/blog-en\/wp-content\/uploads\/2019\/05\/Security_Serpenteq.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1920\" \/>\n\t<meta property=\"og:image:height\" content=\"1202\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"securityblog\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:title\" content=\"10KBlaze and SAP Security II: Hype &amp; Scaremongering\" \/>\n<meta name=\"twitter:description\" content=\"What is the point of the discussion about 10KBLAZE? Find out everything about the background and how you can ensure secure SAP systems.\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/sast-solutions.com\/blog-en\/wp-content\/uploads\/2019\/05\/Security_Serpenteq.jpg\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"securityblog\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/sast-solutions.com\\\/blog-en\\\/2019\\\/05\\\/10\\\/10kblaze-and-sap-security\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/sast-solutions.com\\\/blog-en\\\/2019\\\/05\\\/10\\\/10kblaze-and-sap-security\\\/\"},\"author\":{\"name\":\"securityblog\",\"@id\":\"https:\\\/\\\/sast-solutions.com\\\/blog-en\\\/#\\\/schema\\\/person\\\/cd70e3749cca136a7e8a37dc1d3cfc26\"},\"headline\":\"10KBlaze and SAP Security II: Hype &#038; Scaremongering\",\"datePublished\":\"2019-05-10T09:04:28+00:00\",\"dateModified\":\"2020-07-24T09:26:21+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/sast-solutions.com\\\/blog-en\\\/2019\\\/05\\\/10\\\/10kblaze-and-sap-security\\\/\"},\"wordCount\":1059,\"publisher\":{\"@id\":\"https:\\\/\\\/sast-solutions.com\\\/blog-en\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/sast-solutions.com\\\/blog-en\\\/2019\\\/05\\\/10\\\/10kblaze-and-sap-security\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/sast-blog.akquinet.com\\\/wp-content\\\/uploads\\\/2019\\\/05\\\/Security_Serpenteq-300x188.jpg\",\"keywords\":[\"Cyber Attack\",\"Real-time monitoring\",\"RFC Interface\",\"SAP Security\"],\"articleSection\":[\"SAP Threat Detection\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/sast-solutions.com\\\/blog-en\\\/2019\\\/05\\\/10\\\/10kblaze-and-sap-security\\\/\",\"url\":\"https:\\\/\\\/sast-solutions.com\\\/blog-en\\\/2019\\\/05\\\/10\\\/10kblaze-and-sap-security\\\/\",\"name\":\"10KBlaze and SAP Security II: Hype & Scaremongering\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/sast-solutions.com\\\/blog-en\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/sast-solutions.com\\\/blog-en\\\/2019\\\/05\\\/10\\\/10kblaze-and-sap-security\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/sast-solutions.com\\\/blog-en\\\/2019\\\/05\\\/10\\\/10kblaze-and-sap-security\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/sast-blog.akquinet.com\\\/wp-content\\\/uploads\\\/2019\\\/05\\\/Security_Serpenteq-300x188.jpg\",\"datePublished\":\"2019-05-10T09:04:28+00:00\",\"dateModified\":\"2020-07-24T09:26:21+00:00\",\"description\":\"What is the point of the discussion about 10KBLAZE? Find out everything about the background and how you can ensure secure SAP systems.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/sast-solutions.com\\\/blog-en\\\/2019\\\/05\\\/10\\\/10kblaze-and-sap-security\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/sast-solutions.com\\\/blog-en\\\/2019\\\/05\\\/10\\\/10kblaze-and-sap-security\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/sast-solutions.com\\\/blog-en\\\/2019\\\/05\\\/10\\\/10kblaze-and-sap-security\\\/#primaryimage\",\"url\":\"https:\\\/\\\/sast-blog.akquinet.com\\\/wp-content\\\/uploads\\\/2019\\\/05\\\/Security_Serpenteq-300x188.jpg\",\"contentUrl\":\"https:\\\/\\\/sast-blog.akquinet.com\\\/wp-content\\\/uploads\\\/2019\\\/05\\\/Security_Serpenteq-300x188.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/sast-solutions.com\\\/blog-en\\\/2019\\\/05\\\/10\\\/10kblaze-and-sap-security\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/sast-solutions.com\\\/blog-en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"10KBlaze and SAP Security II: Hype &#038; Scaremongering\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/sast-solutions.com\\\/blog-en\\\/#website\",\"url\":\"https:\\\/\\\/sast-solutions.com\\\/blog-en\\\/\",\"name\":\"SAST BLOG\",\"description\":\"SAP Security &amp; Compliance\",\"publisher\":{\"@id\":\"https:\\\/\\\/sast-solutions.com\\\/blog-en\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/sast-solutions.com\\\/blog-en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/sast-solutions.com\\\/blog-en\\\/#organization\",\"name\":\"SAST BLOG\",\"url\":\"https:\\\/\\\/sast-solutions.com\\\/blog-en\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/sast-solutions.com\\\/blog-en\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/sast-solutions.com\\\/blog-en\\\/wp-content\\\/uploads\\\/2021\\\/03\\\/sast-solutions-logo.png\",\"contentUrl\":\"https:\\\/\\\/sast-solutions.com\\\/blog-en\\\/wp-content\\\/uploads\\\/2021\\\/03\\\/sast-solutions-logo.png\",\"width\":358,\"height\":155,\"caption\":\"SAST BLOG\"},\"image\":{\"@id\":\"https:\\\/\\\/sast-solutions.com\\\/blog-en\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/sast-solutions.com\\\/blog-en\\\/#\\\/schema\\\/person\\\/cd70e3749cca136a7e8a37dc1d3cfc26\",\"name\":\"securityblog\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"10KBlaze and SAP Security II: Hype & Scaremongering","description":"What is the point of the discussion about 10KBLAZE? Find out everything about the background and how you can ensure secure SAP systems.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/sast-solutions.com\/blog-en\/2019\/05\/10\/10kblaze-and-sap-security\/","og_locale":"en_US","og_type":"article","og_title":"10KBlaze and SAP Security II: Hype & Scaremongering","og_description":"What is the point of the discussion about 10KBLAZE? Find out everything about the background and how you can ensure secure SAP systems.","og_url":"https:\/\/sast-solutions.com\/blog-en\/2019\/05\/10\/10kblaze-and-sap-security\/","og_site_name":"SAST BLOG","article_published_time":"2019-05-10T09:04:28+00:00","article_modified_time":"2020-07-24T09:26:21+00:00","og_image":[{"width":1920,"height":1202,"url":"https:\/\/sast-solutions.com\/blog-en\/wp-content\/uploads\/2019\/05\/Security_Serpenteq.jpg","type":"image\/jpeg"}],"author":"securityblog","twitter_card":"summary_large_image","twitter_title":"10KBlaze and SAP Security II: Hype & Scaremongering","twitter_description":"What is the point of the discussion about 10KBLAZE? Find out everything about the background and how you can ensure secure SAP systems.","twitter_image":"https:\/\/sast-solutions.com\/blog-en\/wp-content\/uploads\/2019\/05\/Security_Serpenteq.jpg","twitter_misc":{"Written by":"securityblog","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/sast-solutions.com\/blog-en\/2019\/05\/10\/10kblaze-and-sap-security\/#article","isPartOf":{"@id":"https:\/\/sast-solutions.com\/blog-en\/2019\/05\/10\/10kblaze-and-sap-security\/"},"author":{"name":"securityblog","@id":"https:\/\/sast-solutions.com\/blog-en\/#\/schema\/person\/cd70e3749cca136a7e8a37dc1d3cfc26"},"headline":"10KBlaze and SAP Security II: Hype &#038; Scaremongering","datePublished":"2019-05-10T09:04:28+00:00","dateModified":"2020-07-24T09:26:21+00:00","mainEntityOfPage":{"@id":"https:\/\/sast-solutions.com\/blog-en\/2019\/05\/10\/10kblaze-and-sap-security\/"},"wordCount":1059,"publisher":{"@id":"https:\/\/sast-solutions.com\/blog-en\/#organization"},"image":{"@id":"https:\/\/sast-solutions.com\/blog-en\/2019\/05\/10\/10kblaze-and-sap-security\/#primaryimage"},"thumbnailUrl":"https:\/\/sast-blog.akquinet.com\/wp-content\/uploads\/2019\/05\/Security_Serpenteq-300x188.jpg","keywords":["Cyber Attack","Real-time monitoring","RFC Interface","SAP Security"],"articleSection":["SAP Threat Detection"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/sast-solutions.com\/blog-en\/2019\/05\/10\/10kblaze-and-sap-security\/","url":"https:\/\/sast-solutions.com\/blog-en\/2019\/05\/10\/10kblaze-and-sap-security\/","name":"10KBlaze and SAP Security II: Hype & Scaremongering","isPartOf":{"@id":"https:\/\/sast-solutions.com\/blog-en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/sast-solutions.com\/blog-en\/2019\/05\/10\/10kblaze-and-sap-security\/#primaryimage"},"image":{"@id":"https:\/\/sast-solutions.com\/blog-en\/2019\/05\/10\/10kblaze-and-sap-security\/#primaryimage"},"thumbnailUrl":"https:\/\/sast-blog.akquinet.com\/wp-content\/uploads\/2019\/05\/Security_Serpenteq-300x188.jpg","datePublished":"2019-05-10T09:04:28+00:00","dateModified":"2020-07-24T09:26:21+00:00","description":"What is the point of the discussion about 10KBLAZE? Find out everything about the background and how you can ensure secure SAP systems.","breadcrumb":{"@id":"https:\/\/sast-solutions.com\/blog-en\/2019\/05\/10\/10kblaze-and-sap-security\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/sast-solutions.com\/blog-en\/2019\/05\/10\/10kblaze-and-sap-security\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/sast-solutions.com\/blog-en\/2019\/05\/10\/10kblaze-and-sap-security\/#primaryimage","url":"https:\/\/sast-blog.akquinet.com\/wp-content\/uploads\/2019\/05\/Security_Serpenteq-300x188.jpg","contentUrl":"https:\/\/sast-blog.akquinet.com\/wp-content\/uploads\/2019\/05\/Security_Serpenteq-300x188.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/sast-solutions.com\/blog-en\/2019\/05\/10\/10kblaze-and-sap-security\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/sast-solutions.com\/blog-en\/"},{"@type":"ListItem","position":2,"name":"10KBlaze and SAP Security II: Hype &#038; Scaremongering"}]},{"@type":"WebSite","@id":"https:\/\/sast-solutions.com\/blog-en\/#website","url":"https:\/\/sast-solutions.com\/blog-en\/","name":"SAST BLOG","description":"SAP Security &amp; Compliance","publisher":{"@id":"https:\/\/sast-solutions.com\/blog-en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/sast-solutions.com\/blog-en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/sast-solutions.com\/blog-en\/#organization","name":"SAST BLOG","url":"https:\/\/sast-solutions.com\/blog-en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/sast-solutions.com\/blog-en\/#\/schema\/logo\/image\/","url":"https:\/\/sast-solutions.com\/blog-en\/wp-content\/uploads\/2021\/03\/sast-solutions-logo.png","contentUrl":"https:\/\/sast-solutions.com\/blog-en\/wp-content\/uploads\/2021\/03\/sast-solutions-logo.png","width":358,"height":155,"caption":"SAST BLOG"},"image":{"@id":"https:\/\/sast-solutions.com\/blog-en\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/sast-solutions.com\/blog-en\/#\/schema\/person\/cd70e3749cca136a7e8a37dc1d3cfc26","name":"securityblog"}]}},"_links":{"self":[{"href":"https:\/\/sast-solutions.com\/blog-en\/wp-json\/wp\/v2\/posts\/850","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sast-solutions.com\/blog-en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sast-solutions.com\/blog-en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sast-solutions.com\/blog-en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/sast-solutions.com\/blog-en\/wp-json\/wp\/v2\/comments?post=850"}],"version-history":[{"count":7,"href":"https:\/\/sast-solutions.com\/blog-en\/wp-json\/wp\/v2\/posts\/850\/revisions"}],"predecessor-version":[{"id":1331,"href":"https:\/\/sast-solutions.com\/blog-en\/wp-json\/wp\/v2\/posts\/850\/revisions\/1331"}],"wp:attachment":[{"href":"https:\/\/sast-solutions.com\/blog-en\/wp-json\/wp\/v2\/media?parent=850"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sast-solutions.com\/blog-en\/wp-json\/wp\/v2\/categories?post=850"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sast-solutions.com\/blog-en\/wp-json\/wp\/v2\/tags?post=850"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}