The subject area of SAP security is broad. In addition to a holistic approach that builds bridges, we also try to provide you with a lot of information.
On this page, you will find an overview of topics. If you have any questions about the topics or our products, please do not hesitate to contact us.

Additional layer for SAP Data Security

Wouldn’t it be great to have an additional and independent layer for SAP data security which prevents the unauthorized use and distribution of the captured data? The key success factor for this is, to always work with encrypted data.

What DevSecOps can look like for SAP

Organizations struggle with the fact that their SAP systems are hardly understood by the information security department team members. Read why DevSecOps for SAP could introduce a new approach with a more promising efficiency.

How to secure the SAP Internet Communication Manager (SAP ICM)?

Once the SAP Internet Communication Manager (ICM) was activated in transaction SMICM, the SAP NetWeaver Application Server provides a web server that serves as the foundation for web-based SAP technologies like Fiori, WebDynpro, or Business Server Pages (BSP). Read the article to learn how to secure the SAP ICM.

Understand and reduce the Attack Surface

Knowing the attack surface in today’s world is very important to reduce the risk of exploitation of the so-called unknown unknown. Organizations need to assume that any application, also the enterprise-critical solutions from SAP, contains a severe vulnerability that can’t be patched since no patch is available. Waiting for the moment the vulnerability gets published and patched by the software vendor, may not be a safe bet, ...

How Can Businesses Establish SAP Security?

It's clear that businesses can experience great losses due to vulnerability to cyber threats. And about 84% of cybersecurity leaders have identified employee error as the leading cause of cyberattacks. Additionally, nearly 74% of businesses have experienced security issues because their own workers violated rules.

SAP Supply Chain Attack

What is a Supply chain attack vulnerability using the SAP Transport Management System? SAP transport content can be adjusted after being exported and passing through test deployment and QA processes. Learn why it is crucial to protect your SAP digital backbone.

Log4j – Newsticker

Stay tuned and read regular updates on the Log4j zero day vulnerability - how it can affect your SAP systems, and what you can do to protect your IT infrastructure

Guidance for preventing, detecting, and hunting for CVE-2021-44228 Log4j 2 exploitation in SAP Systems

The Log4j is a Java-based logging audit framework within Apache. Apache Log4j2 2.14.1 and below are susceptible to a remote code execution (RCE) vulnerability. An attacker can leverage this vulnerability to take full control of a targeted machine.

The road to our new feature Security Roadmap

Over the past months, I've spent a lot of time talking to customers and prospects to better understand their requirements, challenges and motivations. In these conversations, one question has been frequently asked: "What's the best way to move forward in SAP security after the initial security analysis?"

SAP Secure Operations Map

The SAP Secure Operations Map is part of the security recommendations published by SAP and has been revised several times over the years. While this is well known to SAP security experts, much fewer people in Information Security are familiar with it.

Latest Resources

Your Road to SAP Security

Download the White Paper "YOUR ROAD TO SAP SECURITY" to learn about the major milestones towards increasing the cybersecurity posture of your SAP systems.

Top mistakes to avoid in SAP security

Within this whitepaper you will learn about the key mistakes that can be avoided when it comes to SAP Security. History has shown that many companies have suffered from cyber incidents, moreover, not all incidents are reported or have been made available to the public.

SAP Security Product Comparison Report

Download the SAP Security Product Comparison Report and understand that holistic security for SAP can be delivered by a single solution.

How remote working affects your SAP security posture

In our webinar on May 7th, we showcased a potential attack on an SAP system, using techniques which are common tools among hackers. Using a password spray attack, we first tried to gain access to the system and subsequently extracted the password hashes of all users.