When thinking of SAP security we tend to always think of SAP servers and pay little attention to the tools used by end-users that connect to most of our SAP Systems, as well as the way those tools are used. Outside the SAP security world it is well accepted that attackers are no longer targeting…

Every organization running SAP to support its business-critical processes has typically implemented several systems in complex scenarios. Depending on the sizeof the company, the number of SAP Systems, Instances and Products used can be quite large. All of these systems are interconnected and there are different components involved in regards to the connections such as…

Implementing proper security controls for a BusinessObjects implementation is a complex process. There are a number of moving parts, complicated Access Controls, and many client access points. For those tasked with auditing an implementation it can be difficult to know where to begin. In this white paper we discuss the BusinessObjects architecture landscape, discuss common…

In all SAP implementations there are many reasons why organizations would need to make changes and updates on a regular basis; from changes to legislation and compliance mandates to business growth, process evolution and security modifications. The Transport Management System (TMS) is the backbone for applying these changes to our SAP Systems. Each of the…

By design the SAP Solution Manager is connected to all SAP systems (i.e. ERP, CRM, BI, etc), making it a critical component of any SAP implementation: if successfully exploited by an attacker, all the satellite SAP environments, and therefore their business information, could be completely compromised. Despite its relevance, common IT security practices have traditionally…

While the comment, SAP platforms are only accessible internally, was true in many organizations more than a decade ago, today, driven by modern business requirements for interconnectivity, SAP systems are very often connected to the Internet. This scenario dramatically increases the universe of possible attackers, as malicious attackers can remotely try to compromise the organization’s…

SAP Application Servers Java, supported by the J2EE Engine, serve as the base framework for running critical solutions such as the SAP Enterprise Portal, SAP Exchange Infrastructure (XI), SAP Process Integration (PI) and SAP Mobile Infrastructure (MI). In addition, customers can also deploy their own custom Java applications on these platforms. In December 2010, SAP…

SAP Knowledge Management (SAP KM) is a central component of the SAP Enterprise Portal, enabling the information extracted from numerous data sources within the Organization to be displayed in a single access point. Employees, customers, vendors and business partners use this platform to interact with data provided by the company in order to fulfill their…