TRENDING TAGS

Cybersecurity and application security is a trend-driven field. While attackers continue to improve their attack techniques, defenders need to pay attention to these new trends. Follow our trending tags for information on specific topics.

SAP Security Patch Day – May 2022

SAP customers need to pay attention to the release of the SAP security updates, which have been published on 10th May 2022. This months SAP Security Patch Day contains 13(+2) patches that should be carefully reviewed.

SAP Security Patch Day – April 2022

Today, 12th of April 2022, SAP Security Patch Day revealed 22 new Security Notes for the SAP product portfolio. Including Spring4Shell correction and Log4j update.

SAP Security Patch Day – March 2022

Today, March 8, 2022, SAP has again released security updates to the comprehensive SAP product portfolio. The release counts 16 security patches released by SAP. This includes the notes that have been updated.

SAP Security Patch Day – February 2022

It seems like a bizarre coincidence that today, February 8th, is not only the second SAP Security Patch Day of the year but it's also Safe Internet Day! SAP security surely contributes!

How to secure the SAP Internet Communication Manager (SAP ICM)?

Once the SAP Internet Communication Manager (ICM) was activated in transaction SMICM, the SAP NetWeaver Application Server provides a web server that serves as the foundation for web-based SAP technologies like Fiori, WebDynpro, or Business Server Pages (BSP). Read the article to learn how to secure the SAP ICM.

Understand and reduce the Attack Surface

Knowing the attack surface in today’s world is very important to reduce the risk of exploitation of the so-called unknown unknown. Organizations need to assume that any application, also the enterprise-critical solutions from SAP, contains a severe vulnerability that can’t be patched since no patch is available. Waiting for the moment the vulnerability gets published and patched by the software vendor, may not be a safe bet, ...

SAP Security Patch Day – January 2022

On January 11, 2022, we celebrate the first SAP Security Patch Day of the year. We wish all those responsible for securing SAP a good and secure start in 2022. Unfortunately, the new year begins as the old year ended, with even more SAP vulnerabilities.

SAP Supply Chain Attack

What is a Supply chain attack vulnerability using the SAP Transport Management System? SAP transport content can be adjusted after being exported and passing through test deployment and QA processes. Learn why it is crucial to protect your SAP digital backbone.

SecurityBridge identified Supply Chain Vulnerability in SAP Transport System

Supply chain attacks are a new type of threat that targets software development departments and vendors. SecurityBridge has now identified a methodology that allows internal attackers without privileged rights to intervene undetected in the SAP soft-ware distribution process.

Guidance for preventing, detecting, and hunting for CVE-2021-44228 Log4j 2 exploitation in SAP Systems

The Log4j is a Java-based logging audit framework within Apache. Apache Log4j2 2.14.1 and below are susceptible to a remote code execution (RCE) vulnerability. An attacker can leverage this vulnerability to take full control of a targeted machine.

Latest Resources

Your Road to SAP Security

Download the White Paper "YOUR ROAD TO SAP SECURITY" to learn about the major milestones towards increasing the cybersecurity posture of your SAP systems.

Top mistakes to avoid in SAP security

Within this whitepaper you will learn about the key mistakes that can be avoided when it comes to SAP Security. History has shown that many companies have suffered from cyber incidents, moreover, not all incidents are reported or have been made available to the public.

SAP Security Product Comparison Report

Download the SAP Security Product Comparison Report and understand that holistic security for SAP can be delivered by a single solution.

How remote working affects your SAP security posture

In our webinar on May 7th, we showcased a potential attack on an SAP system, using techniques which are common tools among hackers. Using a password spray attack, we first tried to gain access to the system and subsequently extracted the password hashes of all users.