English | Deutsch | Español

Virtual Forge Blog

Cyber Security | Compliance | Stability

For over 10 years we help companies around the world to optimize the security and stability of their SAP landscapes. On the Virtual Forge Blog, our experts provide relevant content ready to help you to better understand and mitigate your IT risks.


Higher SAP® Security by Running ABAP Code Scans

November 20, 2017

In order to systematically find security vulnerabilities in custom SAP® developments and to correct errors, Krones AG  introduced automated code checks despite of initial doubts. After a two year operating period, the machine and plant manufacturer draws a positive conclusion.

Read more

Dangers in SAP Transport Management Part 2: Circumventing AUTHORITY CHECKS transaction-specifically

November 2, 2017

The first article of this series talked about the global deactivation of authorization checks for single authorization objects per transport. A similar risk results from the possibility of deactivating authorization checks transaction-specifically. It is even more difficult to detect an attack if this method is used, as the impact can be limited to one transaction.

Read more

Vulnerability Scanners for Your SAP® Systems

October 24, 2017

An increasing number of companies report on the importance of vulnerability scanners in the IT context. We will go one step further and tell you why it is reasonable to particularly use vulnerability scanners for your SAP® systems.

Read more

The effect of the 'KRACK' WPA2 vulnerability for SAP® customers

October 18, 2017

The news about the KRACK attack is causing quite a fuss in the media. This is not surprising since it effects a Wi-Fi-technology thought to be safe until now. Plus, surely everyone uses this encryption. But what does this vulnerability to WPA2 encryption mean to SAP® customers?

Read more

Why implementing SAP® security notes becomes increasingly important

October 12, 2017

In the past week, SAP® informed the public about a few SAP security vulnerabilities, which would have enabled attackers to unnoticeably steal data or sabotage SAP servers. Critical vulnerabilities found in SAP applications which are used by many customers.

Read more

Dangers in SAP Transport Management Part 1: Circumventing AUTHORITY CHECKS

October 11, 2017

The opinions on the SAP authorization concept diverge widely. Surely, a certain complexity and the related maintenance effort cannot be denied. Yet, the most important requirement, the gapless protection of all read and write accesses within a program, can be realized quite well – at least in theory. In practice, there are several options to circumvent authorization checks.

Read more

If you have heard of the SAP Gateway, you should read this.

October 4, 2017

It's amazing that this vulnerability was published as late as 2012, considering the fact that the SAP gateway is a standard interface for every SAP system. And specifically interfaces should be secured by all means. Eventually it was SAP themselves, which had drawn attention to the SAP Gateway Exploit. One of the most dangerous weaknesses of each SAP system is thus recognized - but still not secured at many SAP customers.

Read more

SAP Security Is Gaining Ground

September 28, 2017

Two independent studies have shown that the awareness regarding  SAP security has tightened up over the past 12 months SAP users of the DACH countries as well as the SAP user group United Kingdom and Ireland see the necessity to spring into action and better protect their systems.

Read more

Take the First Step towards Higher Security with SAP® Penetration Tests

September 25, 2017

If you want to check if the doors of a house are securely locked, it is best to try it yourself. The resident has an advantage over an intruder: he knows all doors and windows which can be used or misused as entry points. The same holds true for SAP systems: a penetration test is far more effective if an external attack (black box pen-testing) is combined with an analysis of possible vulnerabilities from within (white box pen-testing).

Read more

DevSecOps – Same Subject, Different Day

September 21, 2017

It sometimes seems like new trends aren't even that new. This is especially hard to notice, if the trend has even gotten a new new. This is the case with DevOps or DevSecOps if security is being included.

Read more

Tracking Risks in Custom Code

September 13, 2017

At TRUMPF, an interruption to its SAP system could have serious consequences. This is why the mechanical engineering company, located in southwestern Germany, takes a targeted approach to ensuring seamless system operations. One approach is to use the Virtual Forge CodeProfiler, which identifies risks in custom ABAP code. 


Read more

Small solution – big impact

September 12, 2017

Just like in life, small things can have a big impact on SAP development. For example, the quality of the customer’s code naturally depends on several factors, like the correct interception of exceptions, the use of sufficient comments, and making sure that database access does not unnecessarily waste any resources. But if one takes a closer look at customers’ development guidelines, one often finds a passage dictating naming conventions. Applying these naming conventions to all objects is not an easy task though.

Read more

SAP Security in the Age of Digitalization

September 11, 2017

No matter if Industry 4.0, SAP HANA, Cloud or Blockchains: if you want to survive on the global market, you cannot afford to shut yourself off to recent IT trends. This is also shown by the relevant offers of SAP. But the progressing digitalization means higher demands on security.

Read more

3 Ways to Minimize Email Phishing Attacks in Your Organization

August 29, 2017

Old school email phishing attacks just won't go away.  Here's how to make sure your enterprise stays ready.

Read more

Healthcare Enterprise Systems Need a Major Cybersecurity Overhaul

August 23, 2017

As hospitals increasingly utilize connected medical devices, healthcare enterprise systems are struggling to keep up with the new security measures that these devices require to keep them (and their patients) safe from hackers.

Read more