Publications

Volume XI: SAP End-User Tools: The Weakest Link to Sensitive Data

Download

When thinking of SAP security we tend to always think of SAP servers and pay little attention to the tools used by end-users that connect to most of our SAP Systems, as well as the way those tools are used. Outside the SAP security world it is well accepted that attackers are no longer targeting servers directly, but rather are focusing on client-side attacks which could potentially allow escalation to the servers. During the last year, several malware attacks targeting SAP systems were discovered but received little attention in the moment of discovery.

SAP End-User Tools: The Weakest Link to Sensitive Data analyzes multiple weaknesses that could affect end-user applications related to SAP such as the SAPGUI client, and other tools that are commonly used by SAP end-users. Additionally this publication specifies which sensitive data and credentials could be stolen, and outlines the context in which these weaknesses could be exploited. Each weakness is explored in detail with advice on workarounds and fixes.

Back to Publications
?>