Implementing proper security controls for a BusinessObjects implementation is a complex process. There are a number of moving parts, complicated Access Controls, and many client access points. For those tasked with auditing an implementation it can be difficult to know where to begin. In this white paper we discuss the BusinessObjects architecture landscape, discuss common…

In all SAP implementations there are many reasons why organizations would need to make changes and updates on a regular basis; from changes to legislation and compliance mandates to business growth, process evolution and security modifications. The Transport Management System (TMS) is the backbone for applying these changes to our SAP Systems. Each of the…

By design the SAP Solution Manager is connected to all SAP systems (i.e. ERP, CRM, BI, etc), making it a critical component of any SAP implementation: if successfully exploited by an attacker, all the satellite SAP environments, and therefore their business information, could be completely compromised. Despite its relevance, common IT security practices have traditionally…

While the comment, SAP platforms are only accessible internally, was true in many organizations more than a decade ago, today, driven by modern business requirements for interconnectivity, SAP systems are very often connected to the Internet. This scenario dramatically increases the universe of possible attackers, as malicious attackers can remotely try to compromise the organization’s…

SAP Application Servers Java, supported by the J2EE Engine, serve as the base framework for running critical solutions such as the SAP Enterprise Portal, SAP Exchange Infrastructure (XI), SAP Process Integration (PI) and SAP Mobile Infrastructure (MI). In addition, customers can also deploy their own custom Java applications on these platforms. In December 2010, SAP…

SAP Knowledge Management (SAP KM) is a central component of the SAP Enterprise Portal, enabling the information extracted from numerous data sources within the Organization to be displayed in a single access point. Employees, customers, vendors and business partners use this platform to interact with data provided by the company in order to fulfill their…

SAP has implemented several unique password hashing procedures in its history. While each new version has increased the security level of their hashing scheme, the requirements for backward compatibility, if not considered in the implementation phase, may provide an opportunity for attacks against users’ stored credentials. Through the exploitation of these weaknesses, malicious attackers would…