TRENDING TAGS
Cybersecurity and application security is a trend-driven field. While attackers continue to improve their attack techniques, defenders need to pay attention to these new trends. Follow our trending tags for information on specific topics.
- #patch, #sapsecurity
SAP Security Patch Day – May 2023
Today is another SAP Security Patch Day. In May 2023, the SAP Response Team released 20 SAP Security Notes, including the evergreen Note 2622660, "Security updates for the browser control Google Chromium delivered with SAP Business Client", with HotNews priority. Besides two updated Notes, SAP Security Patch Day May 2023 contains 18 new security updates for the vast SAP product portfolio, the majority of which relate to SAP Business Objects.
- #sapsecurity
SAP ABAP Directory Traversal Vulnerability: Risks and Solutions
SAP developers know that ABAP/4 (Advanced Business Application Programming), like any other programming language, is not immune to security vulnerabilities. One significant security risk associated with SAP ABAP is the directory traversal vulnerability.
In this blog post, we will discuss what a directory traversal vulnerability is, why it is a problem for SAP customers, how it can be exploited, and what measures to take to prevent it.
- #sapsecurity
Navigating KRITIS Compliance – How SecurityBridge and Turnkey Consulting Can Help You Prepare
In our webinar on April 27th at 15 CEST, SecurityBridge and Turnkey Consulting will provide valuable insights into KRITIS compliance.
- #patch, #sapsecurity
SAP Security Patch Day – April 2023
On April 11th, SAP released its latest Security Patch Day following the Easter break. This day is crucial for businesses that rely on SAP software and are concerned about cybersecurity. In this article, we will take a closer look at four HotNews patches that have been released or updated. HotNews patches are the most critical patches that SAP releases.
- #sapsecurity
6 Principles for Security-by-design for SAP
Security-by-design is a principle that emphasizes the need to build security measures into software systems from the start rather than as an afterthought.
SAP projects need to embed security consciousness to respect this principle and gain a cyber-resilient application. Thus, they should prioritize security when designing and implementing their SAP systems rather than attempting to bolt on security measures afterward. This can help to prevent security breaches and minimize the damage caused by cyberattacks.
- #sapsecurity
Remote Code Execution (RCE) Vulnerability in SAP
Remote Code Execution (RCE) vulnerability in SAP is a type of security issue that allows an attacker to execute arbitrary code on a target system remotely.
- #sapsecurity
SecurityBridge Introduces The SAP Management Dashboard – The Real-Time, Customizable Data View and Analysis Solution For SAP Security
SAP security provider SecurityBridge—now operating in the U.S.—today announced the latest addition to the SecurityBridge Platform—the Management Dashboard for SAP security.
The SAP Management Dashboard is a no-cost, additional application for the existing SecurityBridge Platform that combines all SAP data aspects and presents the information through a customizable, single pane of glass security dashboard view.
- #sapsecurity
How to detect script-based attacks against SAP?
In recent years, cyberattacks against SAP systems have become more common, with attackers gaining network access and then exploring critical applications through port scanning and script-based exploration. Two examples of such attacks that use the SAP RFC SDK are the password lock attack and the password spray attack. In this article, we will outline how to detect these script-based attacks against SAP.
- #sapsecurity
SAP Clickjacking Vulnerability: Understanding the Risk and Protecting Your System
This article is part of our series that aims to provide SAP users with an overview of the most common vulnerability types in the SAP technology stack. Unless it is successfully prevented, SAP is affected by clickjacking vulnerabilities, particularly in the SAP NetWeaver Application Server Java, Enterprise Portal (EP).
If an application is susceptible to clickjacking, an attacker may carry out clickjacking attacks against users of the platform. A clickjacking attack in the SAP framework could make it possible for an attacker to inject malicious code into SAP applications and hijack user clicks. Once an attacker has gained control of a user's click, they can execute a range of actions, such as transferring funds, changing user settings, or stealing sensitive data.
Latest Resources
- White Paper
How SecurityBridge Supports NIST CSF in SAP Environments
Download the White Paper "Bridging the Gap - How SecurityBridge Supports NIST CSF in SAP Environments". Learn how choosing the right tool can significantly shorten the journey of NIST CSF adoption and improve the security posture of SAP environments.
- White Paper
Which cybersecurity framework is the best fit for SAP application security?
Download the White Paper "Which cybersecurity framework is the best fit for SAP application security?" to learn more about the available frameworks, the challenges when adopting a framework, and more.
- White Paper
Your Road to SAP Security
Download the White Paper "YOUR ROAD TO SAP SECURITY" to learn about the major milestones towards increasing the cybersecurity posture of your SAP systems.
- White Paper
Top mistakes to avoid in SAP security
In this white paper, you will learn about the key mistakes that can be avoided when it comes to SAP security. History has shown that many companies have suffered from cyber incidents. Moreover, not all incidents are reported or have been made available to the public.
- Report
SAP Security Product Comparison Report
Download the SAP Security Product Comparison Report and understand that holistic security for SAP can be delivered by a single solution.
- Video
How remote working affects your SAP security posture
Remote work is posing new challenges to companies' SAP security posture. In our webinar on May 7th, we showcased a potential attack on an SAP system, using techniques which are common tools among hackers. Using a password spray attack, we first tried to gain access to the system and subsequently extracted the password hashes of all users.