Contact us today.

Subscribe me to your mailing list

SAP HANA Security

SAP HANA Security patches ( SAP Security Notes December 2016 )

On 13th of December 2016, SAP released its monthly critical patch update consisting of 31 patches. To help everyone who is engaged in SAP patching process, ERPScan research team conducted a detailed review of the released SAP Security notes, in addition to that we described SAP HANA Security patches implementation as SAP HANA issues are the most important in his patch day. This analysis would also be useful for companies providing SAP Vulnerability Assessment, SAP Security Audit, or SAP Penetration Testing. Read more..

SAP Security for CISO. Part 5: four Cs of SAP Cybersecurity

In the previous post, we dispelled some SAP Cybersecurity myths. Today we will discuss how SAP cybersecurity differs from traditional IT security. While usually security is security, no matter what one deals with, in SAP area there are some distinctive features. Four main differences between SAP (or any other enterprise business application) and traditional applications can be described by using four Cs.

Read more..

SAP Note Security Analysis – January 2016

SAP has released the monthly critical patch update for January 2016. This patch update closes 23 vulnerabilities in SAP products (including ones closed after the second Tuesday of the previous month and before the second Tuesday of this month). Among them, there are 20 Patch Day Security Notes and 3 Support Package SAP notes. 13 of these SAP Notes have a high priority rating. The highest CVSS score of the vulnerabilities is 6.4.
Read more..

Oil and Gas Cyber Security – Questions and answers

At BlackHat Europe, Alexander Polyakov, CTO at ERPScan, and Mathieu Geli delivered a presentation detailing cybersecurity issues and misconfigurations affecting the oil and gas industry. In the interview, they highlighted particular vulnerabilities in SAP and Oracle and described how they can provide a route inside a company.
Read more..