Skip to content
Linkedin Twitter Facebook Xing

Key Insights Blog

Read the latest insights from our experts on Cybersecurity and Risk management for SAP. 

March 31, 2023
#sapsecurity

6 Principles for Security-by-design for SAP

Security-by-design is a principle that emphasizes the need to build security measures into software systems from the start rather than as an afterthought. SAP projects need to embed security conciseness to respect this principle and gain a cyber-resilient application. Thus, they should prioritize security when designing and implementing their SAP systems rather than attempting to bolt on security measures afterward. This can help to prevent security breaches and minimize the damage caused by cyberattacks.
Category:
March 22, 2023
#RCEvulnerability, SAPvulnerability, SAPvulnerabilitymanagement

Remote Code Execution (RCE) Vulnerability in SAP 

Remote Code Execution (RCE) vulnerability in SAP is a type of security issue that allows an attacker to execute arbitrary code on a target system remotely. has gained control of a user's click, they can execute a range of actions, such as transferring funds, changing user settings, or stealing sensitive data.
Category:
March 20, 2023
#dashboard, #newfeature, #news, #productannouncement, #sapsecurity

SecurityBridge Introduces The SAP Management Dashboard – The Real-Time, Customizable Data View and Analysis Solution For SAP Security

SAP security provider SecurityBridge—now operating in the U.S.—today announced the latest addition to the SecurityBridge Platform—the Management Dashboard for SAP security. The SAP Management Dashboard is a no-cost, additional application for the existing SecurityBridge Platform that combines all SAP data aspects and presents the information through a customizable, single pane of glass security dashboard view.
Category:
March 16, 2023
#cyberattack, #hacker, #sapsecurity

How to detect script-based attacks against SAP? 

In recent years, cyberattacks against SAP systems have become more common, with attackers gaining network access and then exploring critical applications through port scanning and script-based exploration. Two examples of such attacks that use the SAP RFC SDK are the password lock attack and the password spray attack. In this article, we will outline how to detect these script-based attacks against SAP.
Category: ,
March 16, 2023
#SAPclickjacking, #sapvulnerability, #sapvulnerabilitymanagement

SAP Clickjacking Vulnerability: Understanding the Risk and Protecting Your System

This article is part of our series that aims to provide SAP users with an overview of the most common vulnerability types in the SAP technology stack. Unless successfully prevented, SAP is impacted by Clickjacking Vulnerability, particularly in the SAP NetWeaver Application Server Java, Enterprise Portal (EP). If an application is susceptible to clickjacking, an attacker may execute the clickjacking attacks against users of the platform. A clickjacking attack in the SAP framework could make it possible for an attacker to inject malicious code into SAP applications and hijack user clicks. Once an attacker has gained control of a user's click, they can execute a range of actions, such as transferring funds, changing user settings, or stealing sensitive data.
Category:
March 15, 2023
#businessconference, #event, #SAPinsider, #SAPinsider2023, #sapsecurity

SecurityBridge Selected By SAPinsider To Present New Innovations and Approaches for SAP Cybersecurity

SAP security provider SecurityBridge—now operating in the U.S.—today announced Bill Oliver, the company’s Technical Director of the Americas, has been selected to speak at SAPinsider Vegas 2023, held March 20-23.
Category:
March 14, 2023
#patch, #sapsecurity

SAP Security Patch Day – March 2023

March 2023 Security Patch Day shines because of the publication of five (5) critical corrections ranging between CVSS 9.0 and 9.9.
Category:
March 1, 2023
#DSAG2023, #events, #sapvulnerability

DSAG Technology Days under the title “Work in progress”

The DSAG Technology Days are one of the most important events for information exchanges between SAP technologists and SAP technology enthusiasts. The essential thing for the almost 2,000 participants is: hands-on! There will be practice-oriented lectures, discussion panels, TED speeches, and expert sessions on the agenda. Simultaneously, the accompanying exhibition with SAP partners is an arena for deeper dialogue with SAP specialists, networking, and forming new collaborations.
Category:
Find recent Security Advisories for SAP©
View Advisories

You like it?
Share it!

Accenture webinar

Webinar: SAP Security Baseline: Surviving an SAP Audit

With the recent increase in attention to SAP security from auditors, we decided to investigate SAP baselines. We took a closer look into what SAP baselines are, how they can help you, and how to survive an audit.
Learn more
White Paper - Bridging the Gap How SecurityBridge Supports NIST CSF in SAP Environments
Download the White Paper “Bridging the Gap – How SecurityBridge Supports NIST CSF in SAP Environments”. Learn how choosing the right tool can significantly shorten the journey of NIST CSF adoption and improve the security posture of SAP environments.
Which cybersecurity framework is the best fit for SAP application security?
Download the White Paper “Which cybersecurity framework is the best fit for SAP application security?” to learn more about the available frameworks, the challenges when adopting a framework, and more.