Publications
Volume XVII: Remote Function Call: The Whole PictureThe aim of this publication is to fully introduce and explain the concept of Remote Function Call (RFC) and the impact on the Gateway and Message Server.
Publications
Volume XIV: Setup Trusted RFC in SAP GRCIn February 2017 SAP released Security Note 2413716 regarding configuration changes to secure Trusted RFC for GRC Access Control emergency access management (EAM), which was a High Priority note. This particular security note is quite complicated so, to help organizations understand the impact, we’ve created this guide to help you install it correctly.
Publications
Volume XVI: SAP®️ Security In-Depth: Switchable Authorization Checks: New Workbench and ScenariosThis SAP Security In-depth attempts to fully introduce and explain the concept of Switchable Authorization Checks. How it works, why it’s important and how to implement a Switchable Authorization Checks SAP Security Note.
Publications
Volume XV: SAP® Security In-Depth: Preventing Cyberattacks Against SAP Solution ManagerSAP has issued three HotNews Security Notes for Solution Manager (SolMan), dating back to 2019. The most recent (March 2020) addresses a critical vulnerability. An exploit of this vulnerability can be unauthenticated, needing no user credentials, leading to access of any SAP system to potentially cause fraud, theft and disruption.
Publications
Volume XIII: SAP HANA System Security Review - Part 2SAP HANA is being pushed by SAP as the absolute in-memory database for its products, and more recently, as a standalone platform.
Publications
Volume XII: SAP HANA System Security Review - Part 1SAP HANA is being pushed by SAP as the absolute in-memory database for its products, and more recently, as a standalone platform.
Publications
Volume XI: SAP End-User Tools: The Weakest Link to Sensitive DataWhen thinking of SAP security we tend to always think of SAP servers and pay little attention to the tools used by end-users that connect to most of our SAP Systems, as well as the way those tools are used.
Publications
Volume X: Pivoting Through SAP SystemsEvery organization running SAP to support its business-critical processes has typically implemented several systems in complex scenarios.
Publications
Volume IX: Assessing and Defending SAP BusinessObjectsImplementing proper security controls for a BusinessObjects implementation is a complex process.
Publications
Volume VIII: Transport Management System – Highway to ProductionIn all SAP implementations there are many reasons why organizations would need to make changes and updates on a regular basis.
Publications
Volume VII: Preventing Cyber-attacks Against SAP Solution ManagerBy design the SAP Solution Manager is connected to all SAP systems (i.e. ERP, CRM, BI, etc), making it a critical component of any SAP implementation: if successfully exploited by an attacker, all the satellite SAP environments, and therefore their business information, could be completely compromised.
Publications
Volume VI: Securing the Gates to the Kingdom – Auditing the SAProuterThe SAProuter is one of the most critical components of any SAP implementation. Working as an application-level gateway, it is usually connected to untrusted networks and is intended to restrict access to the backend SAP systems.
Secure your
business-critical SAP,
Oracle, Salesforce
and SaaS apps
Get a firsthand look at the visibility, reporting and automation capabilities provided by The Onapsis Platform by scheduling a personalized demo with our application security experts.
Highly reviewed by Gartner Peer Insights
See why ERP application security professionals are raving about Onapsis.