SAST Security Policies: Automation and more transparency thanks to new update features

SAST Security PolicySecurity policies allow companies to ensure compliance with data integrity, secrecy, availability and authenticity. Such policies are constantly being updated and scaled to keep up with changes to ongoing operations. When additional policies are added in compliance with guidelines – for example a software update or a DSAG audit, the policy must be compared. To date, this has required checks by hand. Since the Release 5.0 SAST SUITE offers solution, providing automatic identification and adoption of deltas where policies differ.

Continue reading

Audit or Penetration testing? Find your vulnerabilities before you get hurt!

SAST-Blog_Audit-vs-Pentest_Abb_1804To answer the question of which Security & Compliance check is right for you, we must first remember that the term “vulnerabilities” can refer to very different levels of your system landscape and thus refer to a number of attack vectors.

This ranges from system-side levels (e.g. operating system and network security) to the underlying database including the current parameterization of your SAP systems down to the authorizations required for operations and applications, including any SoD conflicts.

So, the first question is – how sure are you that you know where your vulnerabilities are? Continue reading

General Data Protection Regulation – is your protection in place?

iStock-534223551The EU General Data Protection Regulation (EU GDPR) takes effect on May 25, 2018, and hardly a day goes by without some news about it – and that’s the way it should be! As demonstrated by a DSAG member survey of SAP users just a few weeks ago, only just over half of all the companies (53%) have a roadmap. To say nothing of full implementation of the new requirements.

Michael Muellner, Head of Security & Compliance at AKQUINET, discusses helps to make this topic accessible to you by building a bridge from the statutory requirements to steps in operations and concrete tips.

 

Continue reading

Is WannaCry possible for SAP systems?

shutterstock_157006316_akqw

Last year, WannaCry brought some companies to the edge of absolute ruin. While the most common entry vectors are known, companies are still making it much too easy for hackers.

Officially, emails were to blame for the largest-scale cyberattack in recent years. If users clicked on the mail attachment, WannaCry implanted malware into the computers, propagated itself, and encrypted accessible data in the blink of an eye. In an alternative scenario, hackers had infiltrated the manufacturer of a subsystem and built the malware code into a software patch.
While unfamiliar emails can simply be deleted, the deployment of such a patch can undermine the in-house security system with breathtaking speed.

Continue reading

Maximum access protection for your SAP tables and ABAP programs

AdobeStock_105300132w_jpgThe use of critical transactions is one of the most frequent items to be found on the lists of deficiencies prepared by auditors. And rightly so, since accessing SAP tables and ABAP programs with these kinds of transactions is unfortunately often associated with major security risks.

So how can you protect yourself from critical transaction accesses while ensuring your users have the permissions they need? Find out with our best practice tip.

Continue reading