SAP security is a great challenge and will be a challenge for many years to come. In order to thoroughly secure an SAP application, all of its components (i.e. SAP HANA) and potential threats need to be understood. SAP security is multi-layered, its building blocks…
At Cyber Security for SAP customers Las Vegas (2017) and Prague (2018) I touched upon the point of identity theft. Especially when one has legitimate access to one single box within a large SAP enterprise landscape it may not be a major challenge for a…
In this article, we would like to explain what known-unknowns or unknown-unknowns are and how those affect your SAP security risk. In February 2002 already, the former United States Secretary of Defense, Donald Rumsfeld, answered a question with the following statement:    Reports that say…
Rock climbers know, any missed step while preparing for the next climb can mean the difference between to live or to die. This equation also applies to security. In this blog article, we like to give you one example of how to use the Action…
In an earlier blog post I wrote about the SAP audit logging capabilities. When you have your security audit log activated, without the use of filters, you -no doubt- have a great affinity for SAP security. During my daily SAP project work, when speaking at…
Remote Function Calls (RFC) is the standard SAP interface for communication between SAP systems. RFC calls are also widely used for SAP to non-SAP communication, to call a (business) function in a connected SAP system. The underlying protocols used for SAP remote function calls are…
Learn how to secure your SAP landscape without jeopardizing resource capacity, stressing budgets and running lengthy projects. In the average security conscience corporation, there is a team of cybersecurity analysts monitoring the IT landscape around the clock to protect against malicious attacks, theft of intellectual…
is a question, which I have heard very frequent the last years. And yes, it is a quite good one, one which should be answered really carefully. Of course, security-patching of an SAP-system takes a lot of time and effort, and sometimes -to be truly…