To answer the question of which Security & Compliance check is right for you, we must first remember that the term “vulnerabilities” can refer to very different levels of your system landscape and thus refer to a number of attack vectors.
This ranges from system-side levels (e.g. operating system and network security) to the underlying database including the current parameterization of your SAP systems down to the authorizations required for operations and applications, including any SoD conflicts.
So, the first question is – how sure are you that you know where your vulnerabilities are?
Takeda’s twin objectives were to accelerate and simplify its authorization assignment process while deploying a tool that was simultaneously capable of providing vulnerability monitoring for its SAP backend worldwide.
The addition “WITH HEADER LINE” has technically been unnecessary going back several SAP versions now. This is because the statement declares both internal tables and an additional data object – the header line.
There are a large number of notes that spread awareness that the use of this statement causes various content problems. Among other things, the use of the same name means that it is not immediately apparent whether you are working on a table or a header line.
However, what the notes typically do not warn you about is that this kind of programming goes hand in hand with security problems for your SAP systems.
In many SAP systems, there are RFC connections which address strange hostnames or even point to Amazon servers. This is due to the fact that SAP transports “RFC data garbage” from its own development computers to the customer during new installations.
Read our practical tip to discover the connections which this affects.
You might already know that, as of Release 7.40 SP8, you can use SAP security policies to define user-specific security parameters, contrary to the system profile values. But did you also know that you can inadvertently weaken secure values such as login restrictions and password complexity as a result?
Our practical tip will show you how to effectively prevent such a weakening.
GRC tools, IT vulnerability analysis, authorization management, SIEM management – these are four of the top five topics cited by IT decision-makers when asked which current and future technologies are of vital importance to them. *
This means that the new release of GRC Suite SAST from AKQUINET couldn’t have arrived at a better time to offer answers on some of the subjects that are on the minds of these managers right now. In this interview, Lars Henning (product manager for the SAST SUITE) presents the highlights of the latest version, along with some helpful tips.
Linde prioritized transparent and, in particular, timely success in completely ensuring the security of its global SAP landscape.
At Linde, the sheer complexity of the SAP systems meant that a project of this scale would not be possible with internal resources and security know-how alone.
The topic of IT security is ranked #1 in market trends *. However, securing complex IT landscapes effectively is a big challenge for many companies: there is often a lack of trained IT staff and, even more so, of the necessary security know-how.
Gunar Funke, Head of Services SAP Security at AKQUINET, describes his experiences and presents possible solutions.
Checklist to secure your SAP systems.
Do you know at any time who accesses the sensitive data of your SAP archive servers? In our penetration tests we experience it again and again: attacks on SAP archive systems are mostly successful, not recognized and therefore not logged and reported.
Analyze the RFC interfaces of your SAP Systems.
SAP interfaces are often not considered when SAP systems are protected. Therefore, they remain unprotected and provide attractive targets for attackers.
Experience from numerous SAP security audits and penetration tests for SAP systems shows repeatedly that, in almost every SAP system checked, unprotected interfaces exist that could allow attackers direct access to your SAP Systems.