SAP systems are a preferred target of many of the hackers out there. Having taken this fact to heart, ZF Friedrichshafen AG recently reached another milestone in comprehensive SAP security management by conducting a series of systematic penetration tests.
At many companies, the SAP environment is a "blind spot" in IT security. It is wrongly argued that SAP systems and software have a number of specialities which make it unnecessary to apply general IT security guidelines to the SAP infrastructure or even make it seem pointless. A critical look at the arguments and their dangers.
In a radical move, the financial service provider MLP has outsourced all of its IT to a service partner in order to focus more on its core business. To maintain control, the company is relying on process mining and Virtual Forge SystemProfiler. MLP’s Oliver Wildenstein explains how this arrangement works.
In Part 1 of his blog post series, Virtual Forge SAP Security Expert DENIS BORMOTOV introduced you to the first three ABAP log files that SAP Enterprise Threat Detection (SAP ETD) is capable of processing and analyzing for security events in the SAP NetWeaver ABAP environment. Now in Part 2, he describes the remaining log files.
Code scanning, when done right, can be a tricky issue. Of course, you could just scan your code, get a list of all issues and then manually correct them. In the real world, this approach usually doesn’t work, in an SAP environment even less so. Instead, you’d want to integrate code scanning fully into the development process. And that’s where it gets tricky in SAP.
SAP Enterprise Threat Detection (SAP ETD) is a solution that analyzes IT security risks in real time in a given SAP environment. By assessing the log files of the systems at hand – including network components, databases, and applications from both SAP and other providers – SAP ETD can quickly and reliably detect attacks from internal and external sources, enabling you to take corresponding measures as fast as possible. Combined into one unified log in SAP ETD and enriched with semantic attributes, this data brings the most powerful incident analysis capabilities.
Encryption is a hot topic these days. The Apple vs. FBI case again ignited the discussion of whether government agencies should be able to enforce access to encrypted data. Still, there is no doubt that encrypted communication is reasonable, as data sniffers should not be given the slightest opportunity to capture sensitive data at all. Interestingly, this concept has not made its way to SAP security.
New Reporting Dashboard and more test cases for testing SAP HANA authorizations. The new version 3.1 of the System Profiler has it all: Here are the highlights.
Send your ABAP code to the Virtual Forge Cloud and get instant feedback on your SAP ABAP code quality: It's as simple as uploading your code to our website and clicking "Scan".
Whenever the terms “Homeland Security” and “warning” are involved in one paragraph, you can guess that things are amiss. That was the case earlier this week, when the U.S. Department of Homeland Security's Computer Emergency Response Team (US-CERT) issued a warning concerning a vulnerability in older releases of SAP software.
"Success Rate is 100%"
A day in the life of a presales consultant for SAP security software
It’s generally acknowledged that SAP systems represent the heart of the companies that use them. But what does it feel like to be entrusted with protecting these central “organs” from incursions? Arndt Lingscheid, a veteran IT expert and presales consultant at Virtual Forge, is the right person to ask.
Under the hashtag #ThingsWeFoundWhenPentestingSAP, SAP security expert Andreas Wiegenstein (alias @CodeProfiler) tweets about the strange – and sometimes shocking – things he uncovers conducting SAP penetration testing at Virtual Forge. Here on the Virtual Forge blog, he presents his own personal hit parade once each quarter.
In my book “Five Simple Rules for Securing Your SAP System”, I cover some practical instruments you can use to effectively improve the security and stability of your SAP landscape.
There’s no doubt that advancing digitalization and the Internet of Things are presenting companies with untold opportunities to significantly increase their productivity – such as by establishing efficient business processes; innovative business models; and customer relationships shaped by continuous, seamless, and tailored service experiences.
SAP Transport Management. I personally think that conceptually this is one of the most useful features in SAP. However, there are still some things which can go wrong when transporting a freshly developed application to a QA, and eventually into a productive system.