Password hash cracking, user cloning, and user impersonation are realistic attack scenarios in SAP systems. This blog post explains how SAP customers can protect their systems.
SAP Security
SAP Security Patch Day August 2022: A Calm Patch Day With SAP BusinessObjects in Focus
SAP has published 11 new and updated Security Notes on its August Patch Day. SAP has patched three Information Disclosure vulnerabilities in SAP BusinessObjects (BO) which affect different components of the application.
I Know What You Read Last Summer: How SAP Read Access Logging Can Help Identify Data Theft
Protecting critical data from interconnected risk was SAP’s main motivation for introducing Read Access Logging (RAL). Learn how to use RAL to detect and analyze fraud or data theft to ensure SAP security.
SAP Security Patch Day June 2022: Improper Access Control
In SAP's June Patch Day, there are 17 new and updated security patches. The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) also lists three well known vulnerabilities.
Three Actively Exploited SAP Vulnerabilities Identified by Onapsis Research Labs: What You Need to Know
The Onapsis Research Labs detected active exploitation activity related to three vulnerabilities that were already patched by SAP.
Why You Need Application Security Testing for Business-Critical Applications: Part 2
See how application security testing can eliminate blind spots when working with contractors and third-party developers.
SAP Security Patch Day May 2022: Spring4Shell Vulnerability Has Been Patched in Six SAP Applications
SAP has released 17 new and updated SAP Security Notes in its May 2022 patch release, including the notes that were released since last patch day. As part of this month’s patch release, there are four HotNews notes and two High Priority notes.
Why Now Is the Time to Protect Your Business-Critical SAP Applications
Now is the time to secure your business-critical SAP applications.
Onapsis and SAP Partner to Secure Business
Despite their importance, many organizations lack the proper preventative, detective, and corrective controls to secure a company’s SAP applications, and have a reigning false sense of security provided by generic security products. That’s why Onapsis and SAP have been partnering together to empower executives to mitigate what we believe is one of the most critical types of cyber risk facing organizations.
Attack & Secure SAP Systems with Onapsis Research Labs at Troopers Conference
Join Onapsis Research Labs at Troopers Conference for the fundamentals of how to pentest and secure SAP systems. Students will not only learn to assess the security of critical systems by performing tailored penetration testing, but also how to secure and monitor systems from the latest threats. Meet us there!
Categories
The Defenders Digest
Onapsis CTO and Director of Threat Research monthly video recap all things ERP security.
Watch Now