Ivan Mans

coding

Remote Code Execution (RCE) Vulnerability in SAP 

Remote Code Execution (RCE) vulnerability in SAP is a type of security issue that allows an attacker to execute arbitrary code on a target system remotely.

SAP Clickjacking Vulnerability: Understanding the Risk and Protecting Your System

This article is part of our series that aims to provide SAP users with an overview of the most common vulnerability types in the SAP technology stack. Unless successfully prevented, SAP systems are affected by clickjacking vulnerabilities, particularly in SAP NetWeaver Application Server Java, Enterprise Portal (EP).

If an application is susceptible to clickjacking, an attacker may carry out clickjacking attacks against users of the platform. A clickjacking attack in the SAP framework could make it possible for an attacker to inject malicious code into SAP applications and hijack user clicks. Once an attacker has gained control of a user’s click, they can execute a range of actions, such as transferring funds, changing user settings, or stealing sensitive data.

SQL Injection vulnerability in ABAP/4

SQL Injection is a type of security flaw present in many software programs, including those written in ABAP/4. This article is part of a series that aims to explain individual vulnerability types commonly addressed by SAP Security Notes.
This vulnerability has major implications for firms that use SAP systems, since it allows unauthorized users to access critical corporate data and perform actions they should not be able to undertake. This post will go through what this vulnerability is, the risks it poses to SAP users, and techniques for mitigating and working around it.

Missing SAP Authority vulnerability check

Enterprises all over the world widely use SAP systems to handle company operations. As a result, these systems must stay safe and secure against potential vulnerabilities. This article will discuss the “Missing SAP Authority Vulnerability Check” as a specific vulnerability type that can affect SAP systems.

This vulnerability has major implications for firms that use SAP systems, since it allows unauthorized users to access critical corporate data and perform actions they should not be able to undertake. This post will go through what this vulnerability is, the risks it poses to SAP users, and techniques for mitigating and working around it.

Game changer: Managed SAP Security Services

Many companies have recognized the need for SAP cybersecurity, but many have also realized that they cannot accomplish this alone. There are many reasons for this. It can be due to the internal teams’ workload or to the employees’ level of knowledge.

However, there is a solution that neither burdens your internal staff nor demands additional knowledge. A specialized managed SAP Security Service allows you to harden mission-critical systems, detect and promptly counteract non-compliance, and implement monitoring with accurate anomaly detection.

External vs. Internal SAP Cybersecurity Risks: The differences

Recently, we gave an insight into the known SAP attackers in our blog. Of course, it can already be deduced from this that there are internal and external SAP attackers. That is why today, we want to look at this from an SAP cybersecurity risk perspective.

SAP Business Technology Platform (SAP BTP) Security Considerations

Certainly, inspired by the many conversations we had at this year’s DSAG Annual Congress 2022, it is time to give some insights into the SAP Business Technology Platform. As a software vendor with a core focus on SAP security, it is our job to look at the security concerns of new SAP technology. Our approach is to understand our customers’ concerns and integrate effective and efficient solutions into our cybersecurity solution for SAP. The SAP Business Technology Platform is the talk of the town and seems to be SAP’s new winning concept.

Who are the typical SAP attackers?

We are often asked, and have already addressed in our open webinars (link to event recordings overview), which SAP attackers exist. With this blog, we would like to share some insight and answer this question.

SAP Debugger, powerful yet dangerous! 

The SAP Debugger, also known as the ABAP Debugger, is one of the most important development tools offered by SAP. An ABAP developer or a technical SAP consultant uses it to analyze problems or to simulate program flows. Usually, the debugger is simply used to understand a certain behavior in SAP ERP and to identify or understand customizing options.

3 reasons why Microsoft Azure is attractive for SAP customers

Azure is a hyperscaler like Amazon AWS or Google Cloud. These big three have recognized the opportunity to offer computing power for the compute-intensive business applications of SAP. SAP virtualization is now easier in the cloud than in your own data center.