SAP Security for CISO. Part 14: SAP SoD

Let’s start with the oldest and best-known SAP Security area: SAP Segregation of Duties, or SAP SoD. I will try to cover it in general terms, without in-depth details.

Plenty of articles that cover various aspects of SAP Security, especially concerning vulnerabilities and risks, paved the way for today’s discussion on how we can protect SAP (which is of particular importance now given the upcoming GDPR).

SAP S/4 HANA Security Guide: Introduction

This article is the first and introductory part of a new series of guidelines describing the main security areas of SAP S/4 HANA and SAP HANA systems.

It is well-known that ERP systems such as SAP ECC and SAP S/4 HANA in particular may dramatically enhance the quality and speed of the management of all the information and resources involved in a company’s operations.

SAP Vulnerability Management. Part 4: Reporting

Vulnerability Management is the most fundamental security practice that provides discovery and security assessments of SAP systems. An approach to recognizing weak points drives security patching, incident management, security event monitoring and all other security capabilities.

SAP Services detection via Nmap probes

This article aims to show how to improve the capability of the Nmap network scanner to detect SAP services. This is by no means a complete and 100% exact way of doing service detection, as a lot of corner cases exist that are not covered in this text. If you want a more comprehensive way to do SAP services detection and even much more, the ERPScan Monitoring Suite is a good starting point with its port scanner feature.

EAS-SEC. Oracle PeopleSoft Security Configuration. Part 6: Insecure settings

A typical PeopleSoft system is quite large and complex, so there are a lot of settings that affect its security. Some of them we have already described. This part of the guideline is focused on specific insecure configurations that can’t be tied to any other group.

There are 4 important areas that should be covered; one is common for any large ERP system and the remaining ones are specific to PeopleSoft.

GDPR for SAP: How to find personal data and assess privacy risks?

Numerous organizations that have implemented SAP products have a large backlog of measures needed to establish secure information processing. SAP systems are so complicated and mission-critical that many IT professionals consider unsafe but functioning SAP systems an upbeat state of affairs.

The forthcoming GDPR will disrupt the status quo and force CISOs to implement data privacy controls in SAP systems. This article is intended to contribute to the improvement of security of existing SAP systems and data handling to meet GDPR requirements.