Skip to content

Christoph Nagy

My name is Christoph Nagy. I am the founder and managing director of SecurityBridge - NCMI GmbH. We develop strategic security solutions for our customers, enabling them to perform automated analysis of security settings and to detect and prevent cyber-attacks against SAP© in real-time.

SAP ABAP Directory Traversal Vulnerability

SAP ABAP Directory Traversal Vulnerability: Risks and Solutions

SAP developers know that ABAP/4 (Advanced Business Application Programming) is not immune to security vulnerabilities like any other programming language. One significant security risk associated with SAP ABAP is directory traversal vulnerability.

In this blog post, we will discuss what a directory traversal vulnerability is, why it is a problem for SAP customers, how it can be exploited, and what measures to take to prevent it.

SAP security Patch day

SAP Security Patch Day – April 2023

On April 11th, SAP released its latest Security Patch Day following the Easter break. This day is crucial for businesses that rely on SAP software and are concerned about cybersecurity. In this article, we will take a closer look at four HotNews patches that have been released or updated. HotNews patches are the most critical patches that SAP releases.

SAP security by design

6 Principles for Security-by-design for SAP

Security-by-design is a principle that emphasizes the need to build security measures into software systems from the start rather than as an afterthought.

SAP projects need to embed security conciseness to respect this principle and gain a cyber-resilient application. Thus, they should prioritize security when designing and implementing their SAP systems rather than attempting to bolt on security measures afterward. This can help to prevent security breaches and minimize the damage caused by cyberattacks.

Hacker mining SAPsecurity

How to detect script-based attacks against SAP? 

In recent years, cyberattacks against SAP systems have become more common, with attackers gaining network access and then exploring critical applications through port scanning and script-based exploration. Two examples of such attacks that use the SAP RFC SDK are the password lock attack and the password spray attack. In this article, we will outline how to detect these script-based attacks against SAP.

DSAG hackathon business event

DSAG Technology Days under the title “Work in progress”

The DSAG Technology Days are one of the most important events for information exchanges between SAP technologists and SAP technology enthusiasts. The essential thing for the almost 2,000 participants is: hands-on! There will be practice-oriented lectures, discussion panels, TED speeches, and expert sessions on the agenda. Simultaneously, the accompanying exhibition with SAP partners is an arena for deeper dialogue with SAP specialists, networking, and forming new collaborations.

SAP vulnerability

SAP Information Disclosure Vulnerability

This article is part of our series that aims to provide SAP users with an overview of the most common vulnerability types in the SAP technology stack. While many of these vulnerabilities can also apply to other IT systems or applications, our focus is on the specific risks that SAP customers should be aware of. Organizations can take proactive measures to secure their systems and protect sensitive information from unauthorized access by understanding these vulnerabilities.