Contact us today.

Subscribe me to your mailing list

Alexander Polyakov

SAP Security for CISO. Part 14: SAP SoD

Let’s start with the oldest and most known SAP Security area – SAP Segregation of Duties or SAP SOD. I will try to embrace it in general, without in-depth details.

Plenty of articles that cover various aspects of SAP Security especially concerning vulnerabilities and risks paved the way for today’s discussion on how we can protect SAP (which is of particular importance now given the upcoming GDPR).

Read more..

SAP Security for CISO. Part 12: SAP Mobile Infrastructure Security

SAP, like any other large vendor, is evolving towards greater mobility and providing access to its applications from different devices located anywhere in the world. Therefore, its product portfolio includes solutions that allow mobile users to interact with business applications such as those based on ABAP, Java or HANA platforms. In this article, you will learn the most relevant explanatory notes about SAP Mobile Platform and SAP Afaria, their vulnerabilities and security trends.
Read more..

0-day SAP vulnerability published, here’s what you can do

The information about a 0-day SAP vulnerability was published on LinkedIn on October 28, 2016. A researcher disclosed details of the vulnerability in SAP system that he had identified and stated as 0-day. As it turns out, the vulnerability was already patched by SAP on 13th of September by SAP Note 2344524, so technically it’s not a 0-day vulnerability, but 0-day details of the vulnerability, so to speak. However, as it takes time to implement a patch, most of SAP users may be still susceptible to attack by this issue.
Read more..