The first and only integrated Platform for SAP

SAP stability and new features

SecurityBridge: the first and only holistic, natively integrated security platform, addressing all aspects needed to protect organizations running SAP from internal and external threats against their core business applications.

In one seamless platform, all SAP vulnerabilities and risks can be identified and mitigating action can be taken.

Read more to learn what we have included in the recent release 4.75. 

Summary

On July 29th, 2020, a new release of SecurityBridge was made available to our subscribers. The release (version 4.75) includes new features and enhancements to the current security controls.

Highlight

Security Rating

Security & Compliance Management

The central component of SecurityBridge for SAP vulnerability management is the Security & Compliance Management application. It helps organizations to assess the complexity of SAP’s security settings throughout the entire landscape controlled from a central location. In Version 4.75, we enhanced the System view with additional metrics.

The system result view now lists the executed checks by result, directly on the page header. We introduced a 5-Star rating system allowing customers to compare the security rating across systems. 

And if that were not enough, a security level indicator has been added to the right part of the header. The indicator shows the security level per Area of Responsibility.

Highlight

Real-time knowledgebase integration

SecurityBridge Platform

Efficient information management gives defenders an essential advantage in their fight against cyberattacks. Defenders need to know about risks, new configuration settings, and potential vulnerabilities residing in SAP’s vast product portfolio. We understand that in your role as a defender, you need up-to-date information directly within any solution, without the need for a software update. As a result, we are introducing real-time knowledge base integration. Any update applied to our online service portal is instantly available within all SecurityBridge applications.

Highlight

SAP HANA Database

Adding 7 new Security Checks to the SAP in-memory database

Enterprises transform their business quickly and effectively using S/4 HANA or the in-memory database SAP HANA alone. New technologies also introduce new security challenges.

In this release, we enhance the existing security checks with 7 new configuration and compliance checks in the following areas:

Highlight

Application Icons

Fiori Apps

SAP Fiori applications have introduced a new way of working. Compared to old-fashioned standard applications, the user experience has undergone a significant transformation.

End-users have become more efficient, and love the intuitive interface. One aspect of the new user experience is a unique but unified user interface. SAP Fiori allows developers to create highly customized UIs while the handling remains unchanged.

All Fiori Apps provided by the SecurityBridge platform received a new and harmonized icon.

... and more

Detection Pattern updates

after recent SAP Patch Days

Identification patterns for vulnerabilities published on SAP Patch Day in June and July are included in our latest SecurityBridge release, including detection for CVE-2020-6287 (Multiple Vulnerabilities in NetWeaver AS Java).
