Close

Have questions?

Contact us today.

Subscribe me to your mailing list

SAP HANA Security

SAP HANA Security patches ( SAP Security Notes December 2016 )

On 13th of December 2016, SAP released its monthly critical patch update consisting of 31 patches. To help everyone who is engaged in SAP patching process, ERPScan research team conducted a detailed review of the released SAP Security notes, in addition to that we described SAP HANA Security patches implementation as SAP HANA issues are the most important in his patch day. This analysis would also be useful for companies providing SAP Vulnerability Assessment, SAP Security Audit, or SAP Penetration Testing. Read more..

SAP Security for CISO. Part 5: four Cs of SAP Cybersecurity

In the previous post, we dispelled some SAP Cybersecurity myths. Today we will discuss how SAP cybersecurity differs from traditional IT security. While usually security is security, no matter what one deals with, in SAP area there are some distinctive features. Four main differences between SAP (or any other enterprise business application) and traditional applications can be described by using four Cs.
Read more..

SAP Note Security Analysis – January 2016

SAP has released the monthly critical patch update for January 2016. This patch update closes 23 vulnerabilities in SAP products (including ones closed after the second Tuesday of the previous month and before the second Tuesday of this month). Among them, there are 20 Patch Day Security Notes and 3 Support Package SAP notes. 13 of these SAP Notes have a high priority rating. The highest CVSS score of the vulnerabilities is 6.4.
Read more..

SAP Security Notes October 2015 – Review

SAP has released the monthly critical patch update for October 2015. This patch update closes 29 vulnerabilities in SAP products, 15 of which are high priority, some of them belong to the SAP HANA security area. The most common vulnerability is Missing Authorization Check (as it was in SAP Security Notes September 2015). This month, one critical vulnerability found by ERPScan researcher Mathieu Geli was closed. This vulnerability also affects SAP HANA security and has the highest CVSS score among all issues closed by the update.
Read more..