As part of our “SAST DAYS” series, we regularly inform you about current developments and upcoming trends in the area of SAP Security & Compliance and offer a forum for an active Exchange.
Register now as a participant, as the places are limited as usual. Please note: the event language is German.
Our webinars offer you a live forum in which you can get the answers to your specific questions about the latest topics in SAP Security & Compliance without having to invest a lot of time.
Check out our current topics and register now.
Time and again, we’ve seen subpar handling of risk resolution in practice for RFC interfaces, with no guarantee for maintaining proper and secure operating conditions.
In today’s practical tip, we give you a step-by-step explanation of how you can secure your SAP gateways against unauthorized calls.
After upgrading to a new SAP release, customers often face the challenge of using the SAP transaction SU25 to bring their authorizations up to speed, as well.
In today’s practical tip, Steffen Maltig shows you how to save up to 90% of the resources this normally requires.
To help you avoid struggling with missing organizational level configurations in your next authorization rollout project, Sascha Heckmann has a practical tip on how to prevent the loss of these configurations in your authorization roles.
To answer the question of which Security & Compliance check is right for you, we must first remember that the term “vulnerabilities” can refer to very different levels of your system landscape and thus refer to a number of attack vectors.
This ranges from system-side levels (e.g. operating system and network security) to the underlying database including the current parameterization of your SAP systems down to the authorizations required for operations and applications, including any SoD conflicts.
So, the first question is – how sure are you that you know where your vulnerabilities are? Continue reading
Takeda’s twin objectives were to accelerate and simplify its authorization assignment process while deploying a tool that was simultaneously capable of providing vulnerability monitoring for its SAP backend worldwide. Continue reading
The EU General Data Protection Regulation (EU GDPR) takes effect on May 25, 2018, and hardly a day goes by without some news about it – and that’s the way it should be! As demonstrated by a DSAG member survey of SAP users just a few weeks ago, only just over half of all the companies (53%) have a roadmap. To say nothing of full implementation of the new requirements.
Michael Muellner, Head of Security & Compliance at AKQUINET, discusses helps to make this topic accessible to you by building a bridge from the statutory requirements to steps in operations and concrete tips.
The addition “WITH HEADER LINE” has technically been unnecessary going back several SAP versions now. This is because the statement declares both internal tables and an additional data object – the header line.
There are a large number of notes that spread awareness that the use of this statement causes various content problems. Among other things, the use of the same name means that it is not immediately apparent as to whether you are working on a table or a header line.
However, what the notes typically do not warn you about is that this kind of programming goes hand in hand with security problems for your SAP systems.