English | Deutsch

Virtual Forge Blog

Cyber Security | Compliance | Stability

For over 10 years we help companies around the world to optimize the security and stability of their SAP landscapes. On the Virtual Forge Blog, our experts provide relevant content ready to help you to better understand and mitigate your IT risks.


ZF Case Study: A New Milestone in SAP Security

October 19, 2016

SAP systems are a preferred target of many of the hackers out there. Having taken this fact to heart, ZF Friedrichshafen AG recently reached another milestone in comprehensive SAP security management by conducting a series of systematic penetration tests.

Read more

How to Apply General IT Governance Rules to the SAP Infrastructure

October 18, 2016

At many companies, the SAP environment is a "blind spot" in IT security. It is wrongly argued that SAP systems and software have a number of specialities which make it unnecessary to apply general IT security guidelines to the SAP infrastructure or even make it seem pointless. A critical look at the arguments and their dangers.

Read more

MLP Case Study: Fully Outsourced IT

August 16, 2016

In a radical move, the financial service provider MLP has outsourced all of its IT to a service partner in order to focus more on its core business. To maintain control, the company is relying on process mining and Virtual Forge SystemProfiler. MLP’s Oliver Wildenstein explains how this arrangement works.

Read more

Configuring ABAP Log Files for SAP Enterprise Threat Detection (Part 2)

August 2, 2016

In Part 1 of his blog post series, Virtual Forge SAP Security Expert DENIS BORMOTOV introduced you to the first three ABAP log files that SAP Enterprise Threat Detection (SAP ETD) is capable to process and analyze for security events in the SAP Netweaver ABAP environment. Now in Part 2, he describes the remaining log files.

Read more

New Feature: „Finding Status Synchronization“ – A Welcome Addition to ABAP Code Scanning

July 27, 2016

Code-Scanning, when done right, can be a tricky issue. Of course, you could just scan your code, get a list of all issues and then manually correct them. In the real world, this approach usually doesn’t work, in an SAP environment even less so. Instead, you’d want to integrate code scanning fully into the development process. And that’s where it gets tricky in SAP.

Read more

Configuring ABAP Log Files for SAP Enterprise Threat Detection (Part 1)

July 19, 2016

SAP Enterprise Threat Detection (SAP ETD) is a solution that analyzes IT security risks in real time in a given SAP environment. By assessing the log files of the systems at hand – including network components, databases, and applications from both SAP and other providers – SAP ETD can quickly and reliably detect attacks from internal and external sources, enabling you to take corresponding measures as fast as possible. Combined in one unified log in SAP ETD and enriched with the semantic attributes it brings the most powerful analysis capabilities of incidents.

Read more

Avoiding Data Sniffing in SAP

July 12, 2016

Encryption is a hot topic these days. The Apple vs. FBI case again ignited the discussion whether government agencies should be able to enforce an access to encrypted data. Still, there is no doubt that encrypted communication is reasonable, as data sniffers should not be given the slightest opportunity to capture sensible data at all. Interestingly, this concept has not made its way to SAP security.

Read more

SAP configuration control made easy – the new SystemProfiler 3.1

June 7, 2016

New Reporting Dashboard and more test cases for testing SAP HANA authorizations. The new version 3.1 of the System Profiler has it all: Here are the highlights.

Read more

Scan your SAP Code in the Virtual Forge Cloud

May 31, 2016

Send your ABAP code to the Virtual Forge Cloud and get instant feedback on your SAP ABAP code quality: It's as simple as uploading your code to our website and clicking "Scan".

Read more

US-CERT Warning: The Catch-22 of SAP Security and How To Escape It

May 13, 2016

Whenever the terms “Homeland Security” and “warning” are involved in one paragraph, you can guess that things are amiss. That was the case earlier this week, when the U.S. Department of Homeland Security's Computer Emergency Response Team (US-CERT) issued a warning concerning a vulnerability in older releases of SAP software.

Read more

Breaking It to the Customer

May 11, 2016

"Sucess Rate is 100%"

A day in the life of a presales consultant for SAP security software

It’s generally acknowledged that SAP systems represent the heart of the companies that use them. But what does it feel like to be entrusted with protecting these central “organs” from incursions? Arndt Lingscheid, a veteran IT expert and presales consultant at Virtual Forge, is the right person to ask.

Read more

A Day in the Life of an SAP Penetration Tester

April 20, 2016

Under the hashtag #ThingsWeFoundWhenPentestingSAP, SAP security expert Andreas Wiegenstein (alias @CodeProfiler) tweets about the strange – and sometimes shocking – things he uncovers conducting SAP penetration testing at Virtual Forge. Here on the Virtual Forge blog, he presents his own personal hit parade once each quarter.

Read more

Secure SAP Systems: Presenting Tip #7 – or, the Golden Rule

April 13, 2016

In my book “Five Simple Rules for Securing Your SAP System”, I cover some practical instruments you can use to effectively improve the security and stability of your SAP landscape.

Read more

SAP: Driving Digitalization

March 23, 2016

There’s no doubt that advancing digitalization and the Internet of Things are presenting companies with untold opportunities to significantly increase their productivity – such as by establishing efficient business processes; innovative business models; and customer relationships shaped by continuous, seamless, and tailored service experiences.

Read more

SAP Transport Management Just Got Better

March 22, 2016

SAP Transport Management. I personally think that conceptually this is one of the most useful features in SAP. However, there are still some things which can go wrong when transporting a fresh developed application to a QA, and eventually into a productive system.

Read more