Palo Alto, CA – July 9, 2012. In June, ERPScan held its third regular meeting with the SAP Security Response Team in Walldorf, Germany. The security of SAP architecture was discussed at the meeting. Apart from the official discussion, ERPScan conducted a workshop for SAP specialists on the secure architecture of complex enterprise applications and web services, as well as defense against the latest threats.
The interesting thing about SAP security is that simple, tried-and-true solutions are typically inapplicable. With such a complex architecture and deep integration with other products, an enormous lot of small factors appear in the process and have to be accounted for. This is a challenge to develop alternative approaches which will provide the best security/global compatibility ratio. And this is possible thanks to active and effective collaboration
– says Alexander Polyakov, ERPScan CTO.
ERPScan has established a good relationship with SAP AG by helping to eliminate more than 50 vulnerabilities in various SAP products during the last 5 years. SAP has documented this achievement on its acknowledgements page for security researchers. So our qualification as the top-level SAP security assessors has been acknowledged by the vendor once more
– Alexander Polyakov, ERPScan CTO, comments on the meeting.
We can confirm that SAP has made new significant steps towards product security this year. They have eliminated several architecture vulnerabilities and greatly enhanced the default security settings of their system. For the most part, the security of an enterprise is the responsibility of the system administrator now. During enterprise security assessment, we still see a lot of issues published 5 or 6 years ago and repeatedly mentioned in secure configuration manuals
– says Alexander Polyakov.