Publications
Volume VIII: Transport Management System – Highway to Production
In all SAP implementations there are many reasons why organizations would need to make changes and updates on a regular basis; from changes to legislation and compliance mandates to business growth, process evolution and security modifications. The Transport Management System (TMS) is the backbone for applying these changes to our SAP Systems. Each of the…
Volume VII: Preventing Cyber-attacks Against SAP Solution Manager
By design the SAP Solution Manager is connected to all SAP systems (i.e. ERP, CRM, BI, etc), making it a critical component of any SAP implementation: if successfully exploited by an attacker, all the satellite SAP environments, and therefore their business information, could be completely compromised. Despite its relevance, common IT security practices have traditionally…
Volume V: Our Crown Jewels Online – Attacks targeting SAP Web Applications
While the comment, SAP platforms are only accessible internally, was true in many organizations more than a decade ago, today, driven by modern business requirements for interconnectivity, SAP systems are very often connected to the Internet. This scenario dramatically increases the universe of possible attackers, as malicious attackers can remotely try to compromise the organization’s…
Volume IV: The Invoker Servlet – A Dangerous Detour into SAP Java Solutions
SAP Application Servers Java, supported by the J2EE Engine, serve as the base framework for running critical solutions such as the SAP Enterprise Portal, SAP Exchange Infrastructure (XI), SAP Process Integration (PI) and SAP Mobile Infrastructure (MI). In addition, customers can also deploy their own custom Java applications on these platforms. In December 2010, SAP…
Volume II: SAP Knowledge Management – The Risks of Sharing
SAP Knowledge Management (SAP KM) is a central component of the SAP Enterprise Portal, enabling the information extracted from numerous data sources within the Organization to be displayed in a single access point. Employees, customers, vendors and business partners use this platform to interact with data provided by the company in order to fulfill their…
Volume I: The Risks of Downwards Compatibility
SAP has implemented several unique password hashing procedures in its history. While each new version has increased the security level of their hashing scheme, the requirements for backward compatibility, if not considered in the implementation phase, may provide an opportunity for attacks against users’ stored credentials. Through the exploitation of these weaknesses, malicious attackers would…
Cybersecurity Awareness Month: Protect Your Organization from Ransomware
This month marks CISA’s 18th Cybersecurity Awareness Month, a joint effort between the government and public to raise awareness of the importance of cybersecurity. In this blog, we’ll share ways to protect yourself, your organization, and its most critical systems from ransomware.