As organizations adopt a Clean Core strategy, the attack surface of the SAP landscape has split into two distinct fronts: the rapid innovation of SAP BTP developments and the deep-rooted complexity of ABAP custom code. Security can no longer afford to treat these as blindspots. One missed vulnerability in a BTP app can leak your most sensitive data; one rogue line of ABAP can grant a rogue developer the keys to the kingdom.
In this episode, we will present two high-stakes threat scenarios, based on real-world incidents, that every SAP customer must prepare for:
- The BTP Blindspot: We demonstrate how an innocent developer mistake in a custom BTP application, such as an insecure API endpoint or a broken authentication check, becomes an open door to the core of the business. Watch as an attacker exploits this flaw without any credentials to silently exfiltrate sensitive enterprise data.
- The Trojan Horse: We go deep into the ABAP core to show how a rogue developer or contractor can bypass standard checks to insert a sophisticated backdoor in an ABAP program. By injecting a few lines of malicious code, the actor secures SAP_ALL privileges, allowing them to modify financial records and master data in production while bypassing compliance controls.
Once you understand how the systems can be compromised, you need to know how to stop it. We’ll discuss:
- How to catch BTP vulnerabilities the moment they are written, stopping the accidental threat before it ever leaves the developer’s desk.
- How to leverage automated scanning of ABAP transports, preventing malicious ABAP from ever reaching your production environment.
- How to perform automated scans of code “at rest” to identify hidden backdoors and vulnerabilities that may have been lurking in your system for years.
Join us to learn how to secure your Clean Core strategy by eliminating both vulnerable and malicious code across the entire BTP and ABAP spectrum.



