Let’s start with the oldest and best-known SAP Security area – SAP Segregation of Duties, or SAP SOD. I will try to cover it in general terms, without in-depth details.
Plenty of articles that cover various aspects of SAP Security, especially concerning vulnerabilities and risks, paved the way for today’s discussion on how we can protect SAP (which is of particular importance now given the upcoming GDPR).
SAP, like any other large vendor, is evolving towards greater mobility and providing access to its applications from different devices located anywhere in the world. Therefore, its product portfolio includes solutions that allow mobile users to interact with business applications such as those based on ABAP, Java or HANA platforms. In this article, you will learn the most relevant points about SAP Mobile Platform and SAP Afaria, their vulnerabilities and security trends.
In the previous article, we discussed SAP NetWeaver ABAP Platform and its vulnerabilities. Today’s topic is the J2EE platform, its architecture, vulnerabilities, and the latest trends in its cybersecurity.
The previous articles of the SAP Security for CISO series covered examples of potential attacks on these systems, so now it is high time to learn how these attacks can be conducted via vulnerabilities discovered in SAP systems.
Information about a 0-day SAP vulnerability was published on LinkedIn on October 28, 2016. A researcher disclosed details of a vulnerability in an SAP system that he had identified and described as a 0-day. As it turns out, the vulnerability had already been patched by SAP on the 13th of September by SAP Note 2344524, so technically it’s not a 0-day vulnerability, but 0-day details of the vulnerability, so to speak. However, as it takes time to implement a patch, most SAP users may still be susceptible to attack through this issue.