With ERP systems such as SAP and the Oracle E-Business Suite (EBS) at the core of your business, these systems must also be a focus of your SOX audit. Business-critical applications, including your financials, are supported by your ERP systems, and issues in them can easily become a material weakness. As a result, it is necessary to stay up to date on what different industries are doing to protect the integrity of financial statements while reducing the cost of implementing and testing internal controls.
Your security teams spend hours configuring SAP to ensure its security, but how do you make sure the systems remain secure?
Every organization running SAP to support its business-critical processes has typically implemented several systems in complex scenarios. Depending on the size of the company, the number of SAP systems, instances and products in use can be quite large.
Chinese hackers most likely used one of the top three most common SAP exploits, as identified by Onapsis, to compromise US agencies
The Hill reported on November 3, 2014 that Chinese hackers roamed around unnoticed for months inside the network of USIS, the biggest commercial provider of background investigations to the U.S. federal government. In fact, two of the company's biggest customers were the Department of Homeland Security (DHS) and the Office of Personnel Management (OPM).
Hi! Today I wanted to share some insight into the behavior of SAP Gateway with respect to its ACL files. In particular, I'll focus on the ACL that restricts direct RFC connections to the Gateway (gw/acl_file). Briefly, this ACL does not replace sec_info or reg_info (which restrict external servers); acl_file controls direct RFC connections from external clients or other SAP systems, which is actually the most common kind of RFC connection. Check this document describing the ACL syntax.
Hi! In this post I want to summarize for you another little-known behavior of SAP Gateway: its ability to act as a proxy. Basically, when we want to perform an RFC connection, two parameters are specified: the IP of the gateway and the IP of the application server. But wait... isn't the gateway always located on the same host as the application server? Yes, usually... but there are some specific cases where you need to use these parameters with different values.
In previous posts we performed security assessments on the Management Console.
For the upcoming assessments we will need a tool to connect to the underlying databases. SQL*Plus is an Oracle utility with a basic command-line interface that allows us to connect to Oracle databases and execute queries in a simple fashion.
In the previous post we discovered the SAP services listening on each of the open ports. Now we can execute Bizploit plug-ins to assess the security of these SAP services.
Let’s have a look at the Discovery and Vulnassess plug-ins available in Bizploit.
We are used to talking about SAP and its components, but in the following post we will put ourselves in the role of an SAP user faced with the environment we need to protect. This post can be considered an introduction to SAP security and the components we are interested in protecting.
SAP stands for Systems, Applications and Products in Data Processing. It is a Germany-based company which for the last 42 years has been developing the most widely adopted ERP (Enterprise Resource Planning) systems, used by the biggest companies in the world.