SAP Security Response Names SecurityBridge’s Research Lab As Top-3 Worldwide; Joris Van De Vis Appointed Lab’s Director

New York, NY, January 23, 2024 – SecurityBridge, a leading global provider of SAP security solutions, today announced the SAP Security Response Team has rated the SecurityBridge Research Lab among the Top-3 sources for discovering and reporting vulnerabilities in SAP software. The research lab has found and reported over 100 zero-day vulnerabilities that contribute to securing the SAP ecosystem, SAP products, and SAP customer platforms worldwide. This accolade underscores the research lab’s exceptional contributions to SAP security and positions SecurityBridge as a crucial partner for those seeking to fortify their SAP installations.

The SecurityBridge Research Lab’s involvement extends beyond reporting vulnerabilities and is instrumental in analyzing newly released SAP security notes on Patch Tuesday. These insights contribute to the proactive protection of SAP customers, as SAP patches and detection signatures are seamlessly integrated into the SecurityBridge platform.

A significant development in the research lab’s history is the appointment of Joris Van De Vis as SecurityBridge’s Director of Security Research and Lab Director. As co-founder of the recently acquired Protect4S organization, Joris brings more than two decades of SAP security experience and has been credited with identifying over 100 SAP vulnerabilities. While at Protect4S, he was a frequent SAP security speaker at international security conferences, large enterprises, the Dutch government, the Dutch user association VNSG, and SAP’s annual security conference. Joris’ skills amplify SecurityBridge’s capabilities to analyze newly released SAP security notes on Patch Tuesday. These insights further help the lab proactively protect SAP customers.

“The SAP Security Response Team has duly recognized the efforts of the SecurityBridge Research Lab, acknowledging its pivotal role in uncovering vulnerabilities,” Joris said. “We are proud the SAP Security Response Team has swiftly created numerous patches to rectify the vulnerabilities our research lab has discovered.”

The SecurityBridge platform seamlessly integrates with any SAP environment, and the research lab findings are automatically included within the patches. For more information, please visit securitybridge.com or call +1 (416) 821 0850.

About SecurityBridge:
SecurityBridge is an SAP security platform provider developing tools to extend the SAP ecosystem. Unlike traditional security solutions, the company believes SAP applications and custom code will always be compromised despite diligent security and hygiene efforts. In response to this belief, SecurityBridge created its integrated real-time solution for constant monitoring. Powered by anomaly detection, the SecurityBridge platform can differentiate between accurate results and false positives so that security teams can better focus on real issues. For more information, please visit securitybridge.com.

Press Contact:

SecurityBridge GmbH
Münchener Str. 49
85051 Ingolstadt
Germany
+49-841 93914840
www.securitybridge.com

Patricia Franco
Marketing Manager
Patricia.Franco@securitybridge.com

BridgeView Marketing
Betsey Rogers
603-305-3721
betsey@bridgeviewmarketing.com

Posted by Raffaella Ronzi
