
Key Insights Blog

Read the latest insights from our experts on Cybersecurity and Risk management for SAP. 

March 31, 2023
#sapsecurity
Security-by-design is a principle that emphasizes the need to build security measures into software systems from the start rather than as an afterthought. SAP projects need to embed security consciousness to respect this principle and achieve a cyber-resilient application. Thus, they should prioritize security when designing and implementing their SAP systems rather than attempting to bolt on security measures afterward. This can help to prevent security breaches and minimize the damage caused by cyberattacks.
March 22, 2023
#RCEvulnerability, #SAPvulnerability, #SAPvulnerabilitymanagement
Remote Code Execution (RCE) vulnerability in SAP is a type of security issue that allows an attacker to execute arbitrary code on a target system remotely.
March 20, 2023
#dashboard, #newfeature, #news, #productannouncement, #sapsecurity
SAP security provider SecurityBridge—now operating in the U.S.—today announced the latest addition to the SecurityBridge Platform—the Management Dashboard for SAP security. The SAP Management Dashboard is a no-cost, additional application for the existing SecurityBridge Platform that combines all SAP data aspects and presents the information through a customizable, single pane of glass security dashboard view.
March 16, 2023
#cyberattack, #hacker, #sapsecurity
In recent years, cyberattacks against SAP systems have become more common, with attackers gaining network access and then exploring critical applications through port scanning and script-based exploration. Two examples of such attacks that use the SAP RFC SDK are the password lock attack and the password spray attack. In this article, we will outline how to detect these script-based attacks against SAP.
March 16, 2023
#SAPclickjacking, #sapvulnerability, #sapvulnerabilitymanagement
This article is part of our series that aims to provide SAP users with an overview of the most common vulnerability types in the SAP technology stack. Unless it is successfully prevented, SAP is affected by clickjacking vulnerabilities, particularly in the SAP NetWeaver Application Server Java, Enterprise Portal (EP). If an application is susceptible to clickjacking, an attacker may execute clickjacking attacks against users of the platform. A clickjacking attack in the SAP framework could make it possible for an attacker to inject malicious code into SAP applications and hijack user clicks. Once an attacker has gained control of a user's click, they can execute a range of actions, such as transferring funds, changing user settings, or stealing sensitive data.
March 15, 2023
#businessconference, #event, #SAPinsider, #SAPinsider2023, #sapsecurity
SAP security provider SecurityBridge—now operating in the U.S.—today announced Bill Oliver, the company’s Technical Director of the Americas, has been selected to speak at SAPinsider Vegas 2023, held March 20-23.
March 14, 2023
#patch, #sapsecurity
March 2023 Security Patch Day stands out for the publication of five (5) critical corrections with CVSS scores ranging between 9.0 and 9.9.
March 1, 2023
#DSAG2023, #events, #sapvulnerability
The DSAG Technology Days are one of the most important events for information exchanges between SAP technologists and SAP technology enthusiasts. The essential thing for the almost 2,000 participants is: hands-on! There will be practice-oriented lectures, discussion panels, TED speeches, and expert sessions on the agenda. Simultaneously, the accompanying exhibition with SAP partners is an arena for deeper dialogue with SAP specialists, networking, and forming new collaborations.

Webinar: SAP Security Baseline: Surviving an SAP Audit

With the recent increase in attention to SAP security from auditors, we decided to investigate SAP baselines. We took a closer look into what SAP baselines are, how they can help you, and how to survive an audit.
Download the White Paper “Bridging the Gap – How SecurityBridge Supports NIST CSF in SAP Environments”. Learn how choosing the right tool can significantly shorten the journey of NIST CSF adoption and improve the security posture of SAP environments.
Download the White Paper “Which cybersecurity framework is the best fit for SAP application security?” to learn more about the available frameworks, the challenges when adopting a framework, and more.