SAP development systems are an often underestimated entry point for attacks.
Thumbnail
Dangers in SAP® Transport Management Part 5
Welcome to the final installment of our series on the Dangers in SAP Transport Management. In our final post, we’ll focus on how an attacker could leverage logical file names and logical OS commands within SAP transports to access, modify and exfiltrate data.
Thumbnail
Dangers in SAP® Transport Management Part 4
Welcome back to our blog series on the Dangers in SAP® Transport Management. In this fourth installment, we’re focused on automated code execution while importing.
Thumbnail
Dangers in SAP Transport Management: Part 3
This is part three of our blog series on the Dangers in SAP Transport Management. In part one, we give an intro to SAP Transports. In part two, we went over the starting point of this attack, the transaction SU24. In this third installment, we’re focused on the manipulation of job management and its associated risks to SAP Transports.
Thumbnail
Dangers in SAP Transport Management: Part 2
The first article of this series spoke about the global deactivation of authorization checks for single authorization objects per transport. A similar risk results from the possibility of deactivating authorization checks transaction-specifically. With this method, it is even more difficult to detect an attack, as the impact can be limited to one transaction.
Thumbnail
Dangers in SAP Transport Management: Part 1
Part one of our blog series, Dangers in Transport Management, discusses circumventing Authority Checks.
Thumbnail
Dangers in SAP Transport Management: An Intro
Across industries, organizations implement software solutions, IT controls, policies and procedures to secure their mission-critical applications. While dev, test and QA systems are not ignored, they are not always treated as equal.
