My name is Christoph Nagy. I am the founder and managing director of SecurityBridge - NCMI GmbH. We develop strategic security solutions for our customers, enabling them to perform automated analysis of security settings and to detect and prevent cyber-attacks against SAP© in real-time.
Today is another SAP Security Patch Day. In May 2023, the SAP Response Team released 20 SAP Security Notes, including Evergreen 2622660 Security updates for the browser control Google Chromium delivered with SAP Business Client with HotNews priority. Besides two updated Notes, SAP Security Patch Day May 2023, contains 18 new security updates for the vast SAP Product portfolio while the majority relates to SAP Business Objects.
SAP developers know that ABAP/4 (Advanced Business Application Programming) is not immune to security vulnerabilities like any other programming language. One significant security risk associated with SAP ABAP is directory traversal vulnerability.
In this blog post, we will discuss what a directory traversal vulnerability is, why it is a problem for SAP customers, how it can be exploited, and what measures to take to prevent it.
In our webinar on April 27th at 15 CEST, SecurityBridge and Turnkey Consulting will provide valuable insights into KRITIS compliance.
On April 11th, SAP released its latest Security Patch Day following the Easter break. This day is crucial for businesses that rely on SAP software and are concerned about cybersecurity. In this article, we will take a closer look at four HotNews patches that have been released or updated. HotNews patches are the most critical patches that SAP releases.
Security-by-design is a principle that emphasizes the need to build security measures into software systems from the start rather than as an afterthought.
SAP projects need to embed security conciseness to respect this principle and gain a cyber-resilient application. Thus, they should prioritize security when designing and implementing their SAP systems rather than attempting to bolt on security measures afterward. This can help to prevent security breaches and minimize the damage caused by cyberattacks.
In recent years, cyberattacks against SAP systems have become more common, with attackers gaining network access and then exploring critical applications through port scanning and script-based exploration. Two examples of such attacks that use the SAP RFC SDK are the password lock attack and the password spray attack. In this article, we will outline how to detect these script-based attacks against SAP.
March 2023 Security Patch Day shines because of the publication of five (5) critical corrections ranging between CVSS 9.0 and 9.9.
The DSAG Technology Days are one of the most important events for information exchanges between SAP technologists and SAP technology enthusiasts. The essential thing for the almost 2,000 participants is: hands-on! There will be practice-oriented lectures, discussion panels, TED speeches, and expert sessions on the agenda. Simultaneously, the accompanying exhibition with SAP partners is an arena for deeper dialogue with SAP specialists, networking, and forming new collaborations.
This article is part of our series that aims to provide SAP users with an overview of the most common vulnerability types in the SAP technology stack. While many of these vulnerabilities can also apply to other IT systems or applications, our focus is on the specific risks that SAP customers should be aware of. Organizations can take proactive measures to secure their systems and protect sensitive information from unauthorized access by understanding these vulnerabilities.
Today, on February 14th, 2023, the SAP response team released security patches to the SAP product portfolio, consisting of 21 SAP Security Notes.
