English | Deutsch | Español

Virtual Forge Blog

For over 10 years we help companies around the world to optimize the security and stability of their SAP landscapes. On the Virtual Forge Blog, our experts provide relevant content ready to help you to better understand and mitigate your IT risks.

Teaser-Blog-neu.png

Life @ Virtual Forge

March 20, 2018 From Virtual Forge GmbH

 

Life at Virtual Forge is multifaceted; our tasks are widely spread between IT, Support and Marketing. We would like to give you a better insight: What does the work day of, e.g. an employee in the Support department look like? Which qualities does one need to become a dual student in our IT department or what do our Sales employees associate with our company? 

We have asked our colleagues and will now introduce a new employee to you in our blog series “Life @ Virtual Forge” on a regular basis.
 

Read more

What the Internet of Things means for SAP® security

March 20, 2018 From Virtual Forge GmbH

Last week, a partnership between Deutsche Telekom and SAP® was announced to place greater emphasis on the Internet of Things - an important milestone for the adaptation of Industry 4.0. However, the increasing number of "connected" machines and devices brings up another topic: interface security.

Read more

Life @ Virtual Forge

February 22, 2018 From Virtual Forge GmbH

 

Life at Virtual Forge is multifaceted; our tasks are widely spread between IT, Support and Marketing. We would like to give you a better insight: What does the work day of, e.g. an employee in the Support department look like? Which qualities does one need to become a dual student in our IT department or what do our Sales employees associate with our company? 

We have asked our colleagues and will now introduce a new employee to you in our blog series “Life @ Virtual Forge” on a regular basis.
 

Read more

Our SAP® Systems are Secure. Right?

February 19, 2018 From Caroline Neuber, Virtual Forge GmbH

Many companies assume that their SAP® systems are secure. After all, a lot of money was invested in the SAP software and SAP is trusted as one of the most successful software providers worldwide. It is therefore expected that the purchased products will also meet the current security standards. But what is the reality?

This text was published as an advertorial in issue 1/18 of the DSAG magazine "blaupause".

Read more

Topics: Secure Coding

Dangers in SAP Transport Management Part 6: Transport of prohibited table contents

February 13, 2018 From Thomas Fritsch, Virtual Forge GmbH

Tabelle.pngThere are well over 100 tables in SAP® whose contents must not be transported. Each transport request is checked for such tables when it is saved and before the export. The relevant tables in the function module SYSTAB_CHECK are hard wired. The tables concerned are almost exclusively system tables that contain partial information about a comprehensive object from the workbench area and whose separate transport can lead to serious inconsistencies in the target system.

Read more

SAP® Security: Do you know your SAP Security Situation?

January 30, 2018 From Caroline Neuber, Virtual Forge GmbH

IT security has many facets. Your SAP® systems are only one of them, but they are the most important ones. They contain personal data of your customers, employees and partners and depict the business processes that are vital for your survival. An attack on your SAP systems has serious consequences for your company. Not only considerable costs for detecting and correcting the attack, but also production downtime, high penalties and enormous damage to the image can be the result.

Read more

Topics: UnderstandYourRisk

Life @ Virtual Forge 

January 22, 2018 From Virtual Forge GmbH

 

Life at Virtual Forge is multifaceted; our tasks are widely spread between IT, Support and Marketing. We would like to give you a better insight: What does the work day of, e.g. an employee in the Support department look like? Which qualities does one need to become a dual student in our IT department or what do our Sales employees associate with our company? 

We have asked our colleagues and will now introduce a new employee to you in our blog series “Life @ Virtual Forge” on a regular basis.
 

Read more

Vulnerabilities in processors: Everything SAP® Customers Need to Know about Spectre and Meltdown

January 18, 2018 From Virtual Forge GmbH

The bombshell exploded directly at the beginning of the year: almost all computer chips worldwide are affected by the so-called "Spectre" and "Meltdown" attack scenarios. They have their effect on  hardware level and are therefore not limited to an OS. To make matters worse, the required patches will slow down affected devices. A vulnerability could not possibly cause more ripples. From an SAP® customer's viewpoint, the question whether this affects the security of my SAP systems comes to mind. Are they even at risk and if so, how high is the risk? Find all important answers in this post.

Read more

Dangers in SAP® Transport Management Part 5: Logical File Names and Operating System Commands

January 8, 2018 From Thomas Fritsch, Virtual Forge GmbH

In order for developers to not have to worry about the specifics of the underlying operating system when accessing files or executing OS commands, SAP® uses the concept of logical file names and logical OS commands. For this, a logical file name (and file path) is stored for each physical file name (file path) coming into question. In analogy, platform-specific physical commands are allocated to a collective logical command.

Read more

Life @ Virtual Forge

December 14, 2017 From Virtual Forge GmbH

 

Life at Virtual Forge is multifaceted; our tasks are widely spread between IT, Support and Marketing. We would like to give you a better insight: What does the work day of, e.g. an employee in the Support department look like? Which qualities does one need to become a dual student in our IT department or what do our Sales employees associate with our company? 

We have asked our colleagues and will now introduce a new employee to you in our blog series “Life @ Virtual Forge” on a regular basis.
 

Read more

Dangers in SAP® Transport Management Part 4: Automated Code Execution while Importing

December 7, 2017 From Thomas Fritsch, Virtual Forge GmbH

Almost every SAP® Basis administrator knows how dangerous XPRA entries can be in transport requests (R3TR XPRA <report name>). In principle, any report that does not require any specific parameters can be executed immediately after importing it. If the desired report is not available in the target system yet, it can either be imported with the same request or imported with a previous transport request. The later method is better for covering up attacks as the immediate connection between planting the code and executing it is not as easy to detect.

Read more

Dangers in SAP® Transport Management Part 3: Manipulation of Job Management

November 23, 2017 From Thomas Fritsch, Virtual Forge GmbH

Job Management in SAP® poses a big attack surface for external manipulation. The possibilities reach from abusing the vulnerabilities of certain SAP standard jobs over changing critical job attributes to completely defining and including jobs via transport request.

Read more

Higher SAP® Security by Running ABAP Code Scans

November 20, 2017 From Virtual Forge GmbH

In order to systematically find security vulnerabilities in custom SAP® developments and to correct errors, Krones AG  introduced automated code checks despite of initial doubts. After a two year operating period, the machine and plant manufacturer draws a positive conclusion.

Read more

Dangers in SAP® Transport Management Part 2: Circumventing AUTHORITY CHECKS transaction-specifically

November 2, 2017 From Thomas Fritsch, Virtual Forge GmbH

The first article of this series talked about the global deactivation of authorization checks for single authorization objects per transport. A similar risk results from the possibility of deactivating authorization checks transaction-specifically. It is even more difficult to detect an attack if this method is used, as the impact can be limited to one transaction.

Read more

Vulnerability Scanners for Your SAP® Systems

October 24, 2017 From Virtual Forge GmbH

An increasing number of companies report on the importance of vulnerability scanners in the IT context. We will go one step further and tell you why it is reasonable to particularly use vulnerability scanners for your SAP® systems.

Read more