By design the SAP Solution Manager is connected to all SAP systems (i.e. ERP, CRM, BI, etc), making it a critical component of any SAP implementation: if successfully exploited by an attacker, all the satellite SAP environments, and therefore their business information, could be completely compromised. Despite its relevance, common IT security practices have traditionally…
While the comment, SAP platforms are only accessible internally, was true in many organizations more than a decade ago, today, driven by modern business requirements for interconnectivity, SAP systems are very often connected to the Internet. This scenario dramatically increases the universe of possible attackers, as malicious attackers can remotely try to compromise the organization’s…
SAP Application Servers Java, supported by the J2EE Engine, serve as the base framework for running critical solutions such as the SAP Enterprise Portal, SAP Exchange Infrastructure (XI), SAP Process Integration (PI) and SAP Mobile Infrastructure (MI). In addition, customers can also deploy their own custom Java applications on these platforms. In December 2010, SAP…
SAP Knowledge Management (SAP KM) is a central component of the SAP Enterprise Portal, enabling the information extracted from numerous data sources within the Organization to be displayed in a single access point. Employees, customers, vendors and business partners use this platform to interact with data provided by the company in order to fulfill their…
SAP has implemented several unique password hashing procedures in its history. While each new version has increased the security level of their hashing scheme, the requirements for backward compatibility, if not considered in the implementation phase, may provide an opportunity for attacks against users’ stored credentials. Through the exploitation of these weaknesses, malicious attackers would…
Levi Strauss’s Deputy CISO, Steve Zalewski discusses the concept of “trust, but verify” when undergoing digital transformation projects and working with both vendors and third-party security providers.
This month marks CISA’s 18th Cybersecurity Awareness Month, a joint effort between the government and public to raise awareness of the importance of cybersecurity. In this blog, we’ll share ways to protect yourself, your organization, and its most critical systems from ransomware.
