Complementing GRC – Testing the Forgotten Layer of SAP
Those of us who are old hands in the security industry know that when security is done right, processes flow smoothly and issues are rare, identified and mitigated before there is any real public perception...
Analyzing SAP Security Notes December 2013 Edition
SAP is a complex and ever evolving implementation; whether that is through changes introduced to your SAP implementation to better serve the...
Analyzing SAP Security Notes January 2014 Edition
SAP is a complex and ever evolving implementation; whether that is through changes introduced to your SAP implementation to better serve the business or the newly disclosed vulnerabilities targeting...
Security Geeks Introduction to SAP – RFC Destinations
By way of background, I have been in the security field, specifically the pro-active testing (penetration testing) side of security for over a decade. As part of my role I would present at public...
Analyzing SAP Security Notes February 2014 Edition
SAP is a complex and ever changing system, whether because of changes introduced to your SAP implementation to better suit your business or applying Security Notes (Patches) to ensure that newly...
Securing Your SAP Through Research
In the latest Notes Tuesday Onapsis was credited with discovering and reporting almost half (10 out of 23) of the vulnerabilities addressed by SAP (or alternatively three quarters or one third,...
SAP Application Users: You can finally sleep at night!
Guest post from: Pete Nicoletti, CISO, Virtustream. As an SAP user, you’re well aware of and are enjoying the benefits of the world's best ERP system. The information that you create and use contributes...
Logging IP addresses in the Security Audit Log
Hi! I was reviewing some events coming from the Security Audit Log and noticed an interesting behavior. For those who never heard about it, the Security Audit Log (a.k.a. SAL) allows SAP security...
5 Questions CISOs Should Ask About SAP Security
Over the last few weeks, Adrian Lane, CTO & Analyst from Securosis, a leading cyber-security analyst firm, published two blog posts from his ongoing series called “Building an Enterprise...
Profile parameters… the never ending story
The world of profile parameters in SAP is vast and complicated, as a user can change the entire behavior of SAP by modifying some of these parameters. But just when we thought that we knew...