The upcoming Security & Control Forum is designed to provide a supportive and welcoming environment for attendees to address their concerns and find solutions regarding Cyber and Data Security, Internal Controls and Compliance.

This article demostrates the underutilized security benefits of SAProuter’s reverse invoke configuration through a test setup.

In SAP’s patch round of February 2022, an SAP Security Note was released with a CVSS score of 10/10 named, “Request smuggling and request concatenation in SAP NetWeaver, SAP Content Server and SAP Web Dispatcher”. This particular type of vulnerability is not common in SAP systems and therefore interesting to look at. As patching the SAP kernel executables is often not done promptly, we can expect this vulnerability present in the customer’s systems for quite some time.

In one of our recent articles, we pointed out the use of Access Control Lists (ACLs) to better manage access control. Below, we will show a practical example of how this can be done for inbound HTTP communication with the ‘Internet Communication Manager’ (ICM) component of an SAP system.

Leiter des Forschungslabors ist Joris Van De Vis, Director of Security Research bei SecurityBridge und Mitgründer des SAP-Sicherheits-Spezialisten Protect4S, der seit September 2013 zu SecurityBridge gehört

For February 2024, 13 new Security Notes have been released and 3 have been updated. Lets look at some highlights, starting with the ‘HowNews’ notes.

While Patch Management helps you implement code fixes for known vulnerabilities in the system code, your SAP system still has a huge number of parameters and settings that influence the behavior of the application. Quite a few of them are security-related and have a significant impact on your attack surface.

It is key for the security of your business-critical SAP systems that you harden them.

The premier SAP Security Customer event is back and better than ever. We’re thrilled to invite you to our ‘Secure Together’ event, set against the breathtaking backdrop of the Euromast in Rotterdam, the Netherlands.

The inclusion of Privileged Access Management (PAM) in our platform marks a significant advancement for existing and future customers. Until now, our focus was primarily on monitoring and detection. With PAM, the platform extends its capabilities to grant, manage, and audit privileged access in SAP’s ABAP/4 based products. Looking ahead, we plan to expand this functionality to include JAVA-based SAP products too.