As part of our “SAST DAYS” series, we regularly inform you about current developments and upcoming trends in the area of SAP Security & Compliance and offer a forum for an active Exchange.
Register now as a participant, as the places are limited as usual. (Please note: the event language is German.)
Our webinars offer you a forum in which you can get the answers to your specific questions about the latest topics in SAP Security & Compliance without having to invest a lot of time.
Are you unable to attend a live webinar? Our webinar archive allows you to individually schedule when you want to take advantage of our recommendations.
Check out our current topics.
SAP systems require special attention when it comes to their security and this is no longer news to anyone. More often than not, the ERP systems supplied from Walldorf in Baden-Württemberg store some of the most crucial and sensitive company data. That said, what is the best approach to achieving the optimum level of security? A security audit would fit the bill!
Started with two modules in 2006, the SAST SOLUTIONS portfolio now comprises a comprehensive combination of software, consulting and service, and offers a holistic solution for safeguarding SAP systems. In this interview, Managing Director Bodo Kahl talks about the topics that concern himself as well as the entire industry, and describes the qualities that characterize a good service provider for SAP security and compliance today.
Do you have an overview of the RFC interfaces in your SAP systems? The larger the company, the more interfaces there are. Unfortunately, these are often not taken into account when securing IT systems, thereby allowing hackers free access to sensitive data. The name of the game for SAP managers is therefore: Clean up and check.
SAP has developed a new product, SAP UI Data Security, to support data protection requirements in the SAP environment. UI Data Security comprises two components: UI Masking and UI Logging.
Continue reading
Checking for vulnerabilities, flawed configurations, and critical authorizations on a regular basis is the only reliable way to ensure SAP system security. Dedicated efforts to safeguard SAP environments, however, are both technically complex and contingent upon having a great deal of time and personnel. That’s why a managed service presents an attractive alternative.
Gunar Funke, head of SAP Manages Services SAST SOLUTIONS at AKQUINET, recently sat down with us to talk about why a managed service solution makes particular sense in the context of SAP security and what’s involved with regard to SAST SUITE.
In spite of the hype surrounding the cloud, the on-premise model in which customers run their own SAP software is still the norm. However, that doesn’t rule out a service provider handling part of the operations; indeed, hosting is a widely used model, particularly among SMEs. While the roles at hand are usually clearly assigned in a hosting model like this, the same unfortunately doesn’t always apply to SAP system security.
To achieve the most comprehensive protection possible against potential attacks in SAP environments (and deal with those that do occur), encryption mechanisms and up-to-date cryptography libraries are required using TLS.
(Partner blog post of SERPENTEQ GmbH)
On April 19, 2019, at the OPCDE Cyber Security conference in Dubai, security researchers Dmitry Chastuhin and Mathieu Geli gave a presentation called “SAP gateway to Heaven”. They re-visited two configuration issues (related to SAP Gateway and SAP Message Server) that have been known for many years and for which detailed security guidelines have been available for years. Now the researchers applied some admirably creative thinking to combine them.
Since May 2, 2019, the market for SAP security has known only one topic: the 10KBLAZE exploit toolkit, which has even prompted a warning from the U.S. Department of Homeland Security. Upon closer examination, however, it quickly becomes apparent that there’s not much news to report.
Managing a large number of user accounts often presents companies with a major challenge. It’s particularly difficult when user identities need to be maintained in several systems, directory services, or databases. This frequently results in a lack of transparency, conflicts in the segregation of duties (SoD), and an increase in the effort required to address them.
