SAP HANA Security

SAP Security for CISO. Part 5: four Cs of SAP Cybersecurity

In the previous post, we dispelled some SAP Cybersecurity myths. Today we will discuss how SAP cybersecurity differs from traditional IT security. While security is usually security, no matter what one deals with, the SAP area has some distinctive features. The four main differences between SAP (or any other enterprise business application) and traditional applications can be described using four Cs.

SAP Note Security Analysis – January 2016

SAP has released the monthly critical patch update for January 2016. This patch update closes 23 vulnerabilities in SAP products (including ones closed after the second Tuesday of the previous month and before the second Tuesday of this month). Among them are 20 Patch Day Security Notes and 3 Support Package SAP Notes. 13 of these SAP Notes have a high priority rating. The highest CVSS score of the vulnerabilities is 6.4.

SAP Security Notes October 2015 – Review

SAP has released the monthly critical patch update for October 2015. This patch update closes 29 vulnerabilities in SAP products, 15 of which are high priority; some of them belong to the SAP HANA security area. The most common vulnerability is Missing Authorization Check (as it was in SAP Security Notes September 2015). This month, one critical vulnerability found by ERPScan researcher Mathieu Geli was closed. This vulnerability also affects SAP HANA security and has the highest CVSS score among all issues closed by the update.

SAP Security Notes August 2015 – Review

SAP has released the monthly critical patch update for August 2015. This patch update closes 22 vulnerabilities in SAP products, 15 of which have high priority; some of them belong to the SAP HANA security area. The most common vulnerability is Cross-Site Scripting (XSS). This month, three critical vulnerabilities found by ERPScan researchers Dmitry Chastukhin, Vahagn Vardanyan, and Roman Bezhan were closed.


Securing SAP Systems from XSS vulnerabilities. Part 4: Defense for SAP HANA XS

Today’s post is the last in the series of articles about XSS vulnerabilities in SAP systems. The previous parts describe how to prevent XSS in SAP NetWeaver ABAP and SAP NetWeaver J2EE.

XSS is one of the most common vulnerabilities, and its effect can range from a petty nuisance to a significant cybersecurity risk, depending on the sensitivity of the data. In SAP products, 628 XSS vulnerabilities were discovered, which is almost 22% of all vulnerabilities found in SAP in 12 years.


SAP Security Notes July 2015 – Review

SAP has released the monthly critical patch update for July 2015. This patch update closes a lot of vulnerabilities in SAP products; some of them belong to the SAP HANA security area. The most common vulnerability is Missing Authorization Check. This month, one critical vulnerability found by ERPScan researcher Alexander Polyakov was closed.
