In the previous post, we dispelled some SAP cybersecurity myths. Today we will discuss how SAP cybersecurity differs from traditional IT security. While security is usually security no matter what one deals with, the SAP area has some distinctive features. The four main differences between SAP (or any other enterprise business application) and traditional applications can be described using four Cs.
Posted on April 27, 2016 | Filed under Blog
In the SAP Security area, some myths persist. Fortunately, some of them have been dispelled by now. In this post, I will debunk them once again, as I did more than six years ago at the SourceBarcelona security conference in 2010, where I delivered my presentation "ERP Security Myths, Problems, Solutions".
Posted on April 21, 2016 | Filed under Blog
Now that we know what SAP is and why SAP Security is important, we are ready to take the next step: learning the history of SAP Cybersecurity and the most significant research findings made so far. Now, in 2016, we can celebrate a kind of 10-year anniversary of REAL SAP Security; however, SAP Security dates back earlier than 2006. Let's trace the history of SAP Security.
Posted on February 19, 2016 | Filed under Blog
Welcome to the second part of the SAP Security for CISO series. This time, we will speak about SAP in particular and start with SAP Security for beginners. So, what is SAP? First of all, SAP is a German company that develops and sells business software. SAP is famous for its ERP system, the most widespread business application. However, SAP provides much more than just an ERP. In 2005, it introduced its SAP Business Suite – a number of integrated business applications such as ERP, CRM, PLM, SCM, and SRM. These business applications consist of different components. For example, ERP includes several basic modules such as FI/CO – Finance and Controlling, SD – Sales and Distribution, MM – Material Management, PP – Production Planning, HR – Human Resources. SAP also delivers a range of applications to fulfill specific industry requirements, such as SAP modules for Oil, Gas or Retail companies, but basically all those modules are just add-ons for the main platform: they only introduce some business functionality, while the platform is the same in terms of technical features. All these solutions have made SAP the world-renowned business application vendor with 250000 customers worldwide, including 83% of Forbes 500.
Posted on December 16, 2015 | Filed under Blog
Recently, the ERPScan Research team finished its series of blog entries on how to secure SAP systems from XSS vulnerabilities. Those entries proved to be a successful experience, so I decided to launch a new series of articles, "SAP Security for CISOs". You don't need to be a CISO to benefit from reading these articles: they are intended for everybody who is into security but wants to know more about SAP Security in particular and doesn't know where to start. This series will provide a step-by-step dive into SAP Security for those taking their first steps in this amazing adventure. I will try to keep it less technical so that the basics are easy to understand. So, all CISOs, security engineers, administrators, security consultants, penetration testers, researchers and even Basis teams are welcome to read this blog.
Posted on August 5, 2015 | Filed under Blog