Close

have questions?

Contact us today.

Subscribe me to your mailing list

SAP NetWeaver ABAP Security

SAP Security for CISO. Part 5: four Cs of SAP Cybersecurity

in the previous post, we dispelled some SAP Cybersecurity myths. Today we will discuss how SAP cybersecurity differs from traditional IT security. While usually security is security, no matter what one deals with, in SAP area there are some distinctive features. Four main differences between SAP (or any other enterprise business application) and traditional applications can be described by using four Cs.
Read more..

SAP NetWeaver ABAP Security Configuration. Part 9: Security Events Logging

Ninth critical issue. Logging of security events. Let us remind you, ERPScan’s team core purpose is to take the definition of the SAP security one step further by providing its own guidelines to help SAP users carry out various security checks. This article is no exception. Today, we’ll turn our attention to the next critical issue, which is the last one of all but not the least important.

Read more..

SAP NetWeaver ABAP Security Configuration. Part 8: Unencrypted connections

Seventh critical issue in SAP Security landscape: Unencrypted connections. To protect connections between the SAP NetWeaver system components, especially against the man- in-the-middle (MITM) attacks, it is necessary to ensure SAP security at the transport level. While using the Transport Layer Security (TLS), the data transmission may be protected from eavesdropping not only with encryption, but also with the partner authentication.

Read more..

SAP NetWeaver ABAP Security Configuration. Part 7: Access control and SOD conflicts.

Sixth critical issue. Access control and SOD conflicts. Few would try to argue that the SAP is immune to security system attacks and sensitive business data is well protected from the actions of adversaries. But now you have a chance to get to know about some of the basic operations one can perform to rise the SAP information security to a higher level. The goal of ERPScan team is to help IT personnel make critical decisions when identifying technologies and strategies to increase cybersecurity in business. ERPScan team publishes a variety of original content, written by IT professionals as a way to increase infosec specialists’ productivity around the world. Today, we’re going to speak about the sixth critical issue (see the list of critical issues in our first article) and the steps related.

Read more..

SAP NetWeaver ABAP Security Configuration. Part 6: Insecure Settings

Each application has several security settings that do not fit into any of the critical issues groups mentioned in our series of articles.Among such settings there are both standard settings (such as password length or the number of attempts given to enter invalid password) and the specific to the system, individual settings. In this article we are going to use as an example the SAP Gateway service access settings.
Read more..

SAP NetWeaver ABAP Security Configuration. Part 5: Open remote management interfaces

Today we are going on with our series of articles where we describe the 33 steps to cybersecurity. The subject is of great significance not only to a small group of SAP infosec specialists but to all those people who work with ERP systems as recent years have witnessed an increased awareness of business data protection problems. Not to go into details, let us get right to the topic.
Read more..