Posts

Development systems and extensive authorizations can increase the risk of an attack on SAP systems. [shutterstock: 399288955, hywards]

SAP Transport Management Part 2: Circumventing Authority Checks

The first article of this series talked about the global deactivation of authorization checks for single authorization objects per transport. A similar risk results from the possibility of deactivating authorization checks for specific transactions. An attack that uses this method is even more difficult to detect, as the impact can be limited to one transaction.

The opinions on the SAP authorization concept diverge widely. The concept works well in theory; in practice, vulnerabilities do exist. [shutterstock: 624185789, Markus Mainka]

SAP Transport Management Part 1: Circumventing Authority Checks

The opinions on the SAP authorization concept diverge widely. Surely, a certain complexity and the related maintenance effort cannot be denied. Yet, the most important requirement, the gapless protection of all read and write accesses within a program, can be realized quite well – at least in theory. In practice, there are several options to circumvent authorization checks.

Exploiting the standard SAP Gateway is easier than breaking into an unsecured house. [shutterstock: 696021973, ra2studio]

If You Have Heard Of The SAP Gateway, You Should Read This

It's amazing that this vulnerability was published as late as 2012, considering that the SAP gateway is a standard interface for every SAP system. Interfaces in particular should be secured by all means.

Even small changes in custom SAP code can have big - and sometimes negative - impacts if not done correctly. There are, however, ways to solve this problem. [shutterstock: 473211280, turgaygundogdu]

Code Quality: Small Solution – Big Impact

Just like in life, small things can have a big impact on SAP development. For example, the quality of the customer’s code naturally depends on several factors, like the correct interception of exceptions, the use of sufficient comments, and making sure that database access does not unnecessarily waste any resources.

DevOps has brought with it a whole new spectrum of SAP security-related risks. DevSecOps is the answer. [shutterstock: 581136349, Kalakruthi]

DevSecOps – Same Subject, Different Day

It sometimes seems like new trends aren't even that new. This is especially hard to notice if the trend has even gotten a new name. This is the case with DevOps, or DevSecOps if security is being included.

Unsecured interfaces are one of the top issues in SAP security. Hackers and data thieves can gain access via the unsecured backdoor. [shutterstock: 787105330, g0d4ather]

Do you know your interfaces – all of them?

Unsecured interfaces to and from SAP systems open the doors to hackers. Many companies are aware of this – yet they still do not have sufficient security measures in place. Solutions that can comprehensively analyze and monitor the interfaces in SAP system landscapes are needed.
