Skip to content
My name is Christoph Nagy. I am the founder and managing director of SecurityBridge - NCMI GmbH. We develop strategic security solutions for our customers, enabling them to perform automated analysis of security settings and to detect and prevent cyber-attacks against SAP© in real-time.

How to detect script-based attacks against SAP? ...

In recent years, cyberattacks against SAP systems have become more common, with attackers gaining network access and then exploring critical applications through port scanning and script-based exploration. Two examples of such attacks that use the SAP RFC SDK are the password lock attack and the password spray attack. In this article, we will outline how to detect these script-based attacks against SAP.

Read More

SAP Security Patch Day – March 2023...

March 2023 Security Patch Day shines because of the publication of five (5) critical corrections ranging between CVSS 9.0 and 9.9.

Read More

DSAG Technology Days under the title “Work...

The DSAG Technology Days are one of the most important events for information exchanges between SAP technologists and SAP technology enthusiasts. The essential thing for the almost 2,000 participants is: hands-on! There will be practice-oriented lectures, discussion panels, TED speeches, and expert sessions on the agenda. Simultaneously, the accompanying exhibition with SAP partners is an arena for deeper dialogue with SAP specialists, networking, and forming new collaborations.

Read More

SAP Information Disclosure Vulnerability...

This article is part of our series that aims to provide SAP users with an overview of the most common vulnerability types in the SAP technology stack. While many of these vulnerabilities can also apply to other IT systems or applications, our focus is on the specific risks that SAP customers should be aware of. Organizations can take proactive measures to secure their systems and protect sensitive information from unauthorized access by understanding these vulnerabilities.

Read More

SAP Security Patch Day – February 2023...

Today, on February 14th, 2023, the SAP response team released security patches to the SAP product portfolio, consisting of 21 SAP Security Notes.

Read More

How will AI like OpenGPT change the...

With the release of OpenAI’s GPT-3 language model, we have reached a significant milestone in the evolution of AI. This model can understand and generate human-like text with remarkable accuracy. As AI continues to advance, it has the potential to impact the SAP security threat landscape.

Read More

What is the SAP cyber risk appetite?...

Businesses must be more cautious to protect themselves from cyber threats as digitalization and the use of SAP systems increase. SAP S/4HANA is critical for many enterprises as it provides the foundation for business operations. As digitalization and Industry 4.0 continue to increase, SAP S/4HANA lays the foundation for many modern business scenarios.

SAP systems are important for many industries and their security is a major concern, making them vulnerable to cyber attackers. This article will discuss cyber risks and how you can assess your individual and organizational SAP systems’ risks. What are cyber risks?

Read More

The three most common types of SAP...

Installing SAP patches is crucial for maintaining a robust and secure enterprise resource planning (ERP) system. SAP, one of the leading ERP systems in the world, is constantly evolving to meet the changing needs of businesses. As a result, SAP releases various patches to address issues and enhance the functionality of its software. However, installing SAP patches can present challenges for IT teams, such as ensuring minimal disruption to business operations, managing risks, and testing the non-implemented patches. This article will discuss the three most common types of SAP patches- kernel patches, snote patches, and support packs – and the best practices for installing them.

Read More

SAP Security Patch Day – January 2023...

10th January 2023 SAP response team sends some Happy New Year greeting to the SAP Security Teams, by releasing 10 SAP Security Notes.

Read More

SAP Security Patch Day – December 2022...

Today, December 13rd, 2022, is another day for SAP to release security updates for its wide-ranging product portfolio. SAP releases 14 new SAP security updates, as well as 4 updates from previous releases.

Read More

IT-SiG 2.0 – Angriffserkennung für SAP ab...

Viele unserer Leserinnen und Leser erinnern sich noch an den 25. Mai 2018, Stichtag der bindenden Einführung der Datenschutzgrundverordnung, kurz DSGVO. Verstöße gegen die neue Regelung können seitdem zu drakonischen Strafen führen. Nun steht, zumindest für diejenigen Unternehmen, die zur kritischen Infrastruktur (KRITIS) von Deutschland zählen, ein ähnlicher Termin ins Haus. Am 1. Mai 2023 müssen betroffene Unternehmen ein System zur Angriffserkennung eingeführt haben.

Read More

SAP Security Patch Day – November 2022...

Today, November 8, 2022, SAP releases a total of 10 patches and 2 updates from the previous released Patch Day Security Notes.

Read More

The difference between SAP Patch Management and...

Believe it or not, I’ve probably attended more customer meetings in 2022 than ever before. And the question about the difference between SAP Patch Management and SAP Vulnerability Management keeps appearing. To give a conclusively answer, we need to take a closer look at the two separate areas.

Read More

SAP Security Patch Day – October 2022...

11th October is not only the monthly SAP Security Patch Day, it is also the 1st day of the annual DSAG conference, this year taking place in Leipzig.

Read More

How to master SAP code vulnerabilities in...

After reading the title, you’re probably thinking – Why should legacy code be handled differently than new coding? Well, let’s draw up a real-life scenario to illustrate the challenges:

Read More