In the previous article, we discussed SAP NetWeaver ABAP Platform and its vulnerabilities. Today’s topic is the J2EE platform, its architecture, vulnerabilities, and the latest trends in its cybersecurity.
The previous articles of SAP Security for CISO series covered examples of potential attacks on these systems, so now it is high time to learn how these attacks can be conducted via vulnerabilities discovered in SAP systems.
In the previous post, we dispelled some SAP Cybersecurity myths. Today we will discuss how SAP cybersecurity differs from traditional IT security. While usually security is security, no matter what one deals with, in SAP area there are some distinctive features. Four main differences between SAP (or any other enterprise business application) and traditional applications can be described by using four Cs.
In the SAP Security area, some myths persist. Fortunately, some of them are dispelled nowadays. By this post, I will debunk them once again as I did more than six years ago at the SourceBarcelona security conference in 2010 where I delivered my presentation ERP Security Myths, Problems, Solutions.
After we got to know what SAP is and why SAP Security is important, we are ready to take the next step, to learn a history of SAP Cybersecurity and the most significant research findings made so far. Now, in 2016 we can celebrate a kind of 10-year anniversary of REAL SAP Security, however, SAP Security dates back earlier than 2006. Let’s trace the history of SAP Security. Read more..