SAP Security

The purpose of this blog post is to explain the different types of properties existing in an SAP NetWeaver for Java system, as well as the different hierarchies along with their release versions.

One of the most common tasks an SAP Basis administrator must do is confirm their SAP systems are not missing SAP Security Notes to ensure their systems are not exposed to known vulnerabilities.

SAP code is mostly written in ABAP, and it is an integral part of securing your SAP systems. ABAP developers often struggle to keep up with new and increasing changes and requirements in the fields of code security and code quality, leading to major vulnerabilities or misconfigurations within your SAP system.

Transports are considered an essential part of the SAP environment for day-to-day business. Used to transfer SAP content from one system to another, transports carry incredibly sensitive data, and even a secure production system can be compromised. 

During the SAP system lifecycle (installation, upgrade, maintenance), Basis Administrators must validate that system security setting, logging and parameters are configured correctly. This can be an extremely time-consuming task as the SAP landscape is not static; new configurations, programs, clients, instances and systems are constantly being added, all while system and client refreshes are occurring and impacting system settings. 

If you were unable to attend my recent webinar, entitled How to Protect Your SAP Landscape Against Hackers, you may be wondering how your SAP landscape could be the target of malicious attacks through known vulnerabilities. While these vulnerabilities have been patched in prior and publicly available security notes, the reality is that IT teams have yet to do so or haven’t implemented the manual post steps, leaving your more valuable systems at risk.

If you were unable to join my recent webinar, SAP Transport Security: Transformation with Less Risk and More Efficiency, you may be wondering how you can keep your SAP environment secure when moving changes into production. Read this blog post to learn more about SAP transport security.

As a former CISO, I know how resource-constrained we truly are and how difficult it can be to focus attention on the areas and systems that matter most.

On the heels of our recent certification announcement of our code analysis solutions, we are happy to share that another of our capabilities has been certified by SAP. Our transport inspection capabilities joins our HANA and ABAP code analysis solutions as certified for deployment on S4/HANA.