Volume XI: SAP End-User Tools: The Weakest Link to Sensitive Data

Download

When thinking of SAP security we tend to always think of SAP servers and pay little attention to the tools used by end-users that connect to most of our SAP Systems, as well as the way those tools are used. Outside the SAP security world it is well accepted that attackers are no longer targeting servers directly, but rather are focusing on client-side attacks which could potentially allow escalation to the servers. During the last year, several malware attacks targeting SAP systems were discovered but received little attention in the moment of discovery.

SAP End-User Tools: The Weakest Link to Sensitive Data analyzes multiple weaknesses that could affect end-user applications related to SAP such as the SAPGUI client, and other tools that are commonly used by SAP end-users. Additionally this publication specifies which sensitive data and credentials could be stolen, and outlines the context in which these weaknesses could be exploited. Each weakness is explored in detail with advice on workarounds and fixes.

Back to Publications

Safeguarding Tomorrow: Empowering SAP Customers with Advanced Cyber Risk Management

Securing SAP Business Technology Platform (BTP)

CH4TTER: Threat Actors Attacking SAP Applications

Anatomy of an Attack: C2 Incident on SAP

Your S/4HANA Cloud Journey

Volume XI: SAP End-User Tools: The Weakest Link to Sensitive Data

Volume XVII: Remote Function Call: The Whole Picture

Volume XVI: SAP®️ Security In-Depth: Switchable Authorization Checks: New Workbench and Scenarios

Volume XV: SAP® Security In-Depth: Preventing Cyberattacks Against SAP Solution Manager