Audit or Penetration testing? Find your vulnerabilities before you get hurt!

SAST-Blog_Audit-vs-Pentest_Abb_1804To answer the question of which Security & Compliance check is right for you, we must first remember that the term “vulnerabilities” can refer to very different levels of your system landscape and thus refer to a number of attack vectors.

This ranges from system-side levels (e.g. operating system and network security) to the underlying database including the current parameterization of your SAP systems down to the authorizations required for operations and applications, including any SoD conflicts.

So, the first question is – how sure are you that you know where your vulnerabilities are? Continue reading

WITH HEADER LINE – it’s not simply obsolete; it’s a risk.

shutterstock_424352977_akqw_jpgThe addition “WITH HEADER LINE” has technically been unnecessary going back several SAP versions now. This is because the statement declares both internal tables and an additional data object – the header line.

There are a large number of notes that spread awareness that the use of this statement causes various content problems. Among other things, the use of the same name means that it is not immediately apparent as to whether you are working on a table or a header line.

However, what the notes typically do not warn you about is that this kind of programming goes hand in hand with security problems for your SAP systems.

Continue reading

Do SAP security policies create more security? Not usually…

Motiv_SAST-Security_Bild03_150dpi_1701You might already know that, as of Release 7.40 Sp8, you can use SAP security policies to define user-specific security parameters, contrary to the system profile values. But did you also know that you can inadvertently weaken secure values such as login restrictions and password complexity as a result?

Our practical tip will show you how to effectively prevent such a weakening.

Continue reading

What does the new SAST Suite 5.0 offer?

Motiv_es_Abschluss_150dpi_1610GRC tools, IT vulnerability analysis, authorization management, SIEM management – these are four of the top five topics cited by IT decision-makers when asked which current and future technologies are of vital importance to them. *

This means that the new release of GRC Suite from AKQUINET – couldn’t have arrived at a better time to offer answers on some of the subjects that are on the minds of these managers right now. In this interview, Lars Henning (product manager for the SAST Suite) presents the highlights of the latest version, along with some helpful tips.

Continue reading