ABAP stands for Advanced Business Application Programming (originally german, Allgemeiner Berichts-Aufbereitungs-Prozessor) and is SAP’s proprietary programming language. ABAP was invented in the late 80s, and 35 years and millions of lines of code later, it’s still here!

In this blog, we cover the 10 top-scoring vulnerabilities from the first half of 2020. Of those, half were detected by Onapsis Research Labs, including the most severe.

To help businesses identify if their systems are vulnerable, Onapsis has released Instant RECON, an online service and downloadable free and open source tool to scan your internal and external SAP instances to identify if it is patched against the RECON vulnerability, and to look for likely indicators of compromise (IoC) from a successful exploit of RECON.

The purpose of this blog post is to explain the different types of properties existing in an SAP NetWeaver for Java system, as well as the different hierarchies along with their release versions.

One of the most common tasks an SAP Basis administrator must do is confirm their SAP systems are not missing SAP Security Notes to ensure their systems are not exposed to known vulnerabilities.

SAP code is mostly written in ABAP, and it is an integral part of securing your SAP systems. ABAP developers often struggle to keep up with new and increasing changes and requirements in the fields of code security and code quality, leading to major vulnerabilities or misconfigurations within your SAP system.

Transports are considered an essential part of the SAP environment for day-to-day business. Used to transfer SAP content from one system to another, transports carry incredibly sensitive data, and even a secure production system can be compromised. 

During the SAP system lifecycle (installation, upgrade, maintenance), Basis Administrators must validate that system security setting, logging and parameters are configured correctly. This can be an extremely time-consuming task as the SAP landscape is not static; new configurations, programs, clients, instances and systems are constantly being added, all while system and client refreshes are occurring and impacting system settings. 

If you were unable to attend my recent webinar, entitled How to Protect Your SAP Landscape Against Hackers, you may be wondering how your SAP landscape could be the target of malicious attacks through known vulnerabilities. While these vulnerabilities have been patched in prior and publicly available security notes, the reality is that IT teams have yet to do so or haven’t implemented the manual post steps, leaving your more valuable systems at risk.

If you were unable to join my recent webinar, SAP Transport Security: Transformation with Less Risk and More Efficiency, you may be wondering how you can keep your SAP environment secure when moving changes into production. Read this blog post to learn more about SAP transport security.