Skip to content
Linkedin Twitter Facebook Xing

Responsible Disclosure Policy

As a leading solution provider of a cybersecurity platform for SAP customers, the protection of our customers and partners is our highest goal. We use modern tools and processes to test our solutions for defects in the best possible way. Defined quality gates have been established to ensure that program errors that could lead to a vulnerability are detected early in the development process. Likewise, we undergo a separate testing protocol for each package that leaves our premises, which also highlights security aspects.

Updated and Effective: Feb 9th, 2021

Data security is a top priority for NCMI GmbH // SecurityBridge, and we believe that working with skilled security researchers can identify weaknesses in any technology.

If you believe you’ve found a security vulnerability in Issuer Direct’s service, please notify us; we will work with you to resolve the issue promptly.

Disclosure Policy:

  • If you believe you’ve discovered a potential vulnerability, please let us know by emailing us at support@securitybridge.com. We will acknowledge your email within 4 hours.
  • Provide us with a reasonable amount of time to resolve the issue before disclosing it to the public or a third party. We aim to resolve critical issues within 24 hours of disclosure.
  • Make a good faith effort to avoid violating the privacy, destroying data, or interrupting or degrading the Issuer Direct service. Please only interact with accounts you own or for which you have explicit permission from the account holder.

Research Policy:

While researching, we’d like you to refrain from:

  • Distributed Denial of Service (DDoS)
  • Spamming
  • Social engineering or phishing of Issuer Direct employees or contractors
  • Any attacks against NCMI’s physical property or data centers.

Thank you for helping to keep SecurityBridge Direct and our Customers safe!

Latest Resources

  • #sapsecurity

6 Principles for Security-by-design for SAP

Security-by-design is a principle that emphasizes the need to build security measures into software systems from the start rather than as an afterthought. SAP projects need to embed security conciseness to respect this principle and gain a cyber-resilient application. Thus, they should prioritize security when designing and implementing their SAP systems rather than attempting to bolt on security measures afterward. This can help to prevent security breaches and minimize the damage caused by cyberattacks.

Learn more

  • #event

Webinar: SAP Security Baseline: Surviving an SAP Audit

With the recent increase in attention to SAP security from auditors, we decided to investigate SAP baselines. We took a closer look into what SAP baselines are, how they can help you, and how to survive an audit.

Learn more

  • #RCEvulnerability, SAPvulnerability, SAPvulnerabilitymanagement

Remote Code Execution (RCE) Vulnerability in SAP 

Remote Code Execution (RCE) vulnerability in SAP is a type of security issue that allows an attacker to execute arbitrary code on a target system remotely. has gained control of a user's click, they can execute a range of actions, such as transferring funds, changing user settings, or stealing sensitive data.

Learn more

  • #dashboard, #newfeature, #news, #productannouncement, #sapsecurity

SecurityBridge Introduces The SAP Management Dashboard – The Real-Time, Customizable Data View and Analysis Solution For SAP Security

SAP security provider SecurityBridge—now operating in the U.S.—today announced the latest addition to the SecurityBridge Platform—the Management Dashboard for SAP security. The SAP Management Dashboard is a no-cost, additional application for the existing SecurityBridge Platform that combines all SAP data aspects and presents the information through a customizable, single pane of glass security dashboard view.

Learn more

  • #cyberattack, #hacker, #sapsecurity

How to detect script-based attacks against SAP? 

In recent years, cyberattacks against SAP systems have become more common, with attackers gaining network access and then exploring critical applications through port scanning and script-based exploration. Two examples of such attacks that use the SAP RFC SDK are the password lock attack and the password spray attack. In this article, we will outline how to detect these script-based attacks against SAP.

Learn more

  • #SAPclickjacking, #sapvulnerability, #sapvulnerabilitymanagement

SAP Clickjacking Vulnerability: Understanding the Risk and Protecting Your System

This article is part of our series that aims to provide SAP users with an overview of the most common vulnerability types in the SAP technology stack. Unless successfully prevented, SAP is impacted by Clickjacking Vulnerability, particularly in the SAP NetWeaver Application Server Java, Enterprise Portal (EP). If an application is susceptible to clickjacking, an attacker may execute the clickjacking attacks against users of the platform. A clickjacking attack in the SAP framework could make it possible for an attacker to inject malicious code into SAP applications and hijack user clicks. Once an attacker has gained control of a user's click, they can execute a range of actions, such as transferring funds, changing user settings, or stealing sensitive data.

Learn more