Your security teams spend hours configuring SAP to ensure its security, but how do you make sure the systems remain secure?
Our research team recently revealed a critical threat to SAP NetWeaver. Join our upcoming webcast to learn more.
The goal of this blog post is to help you understand the importance of enabling Table Change Logging in your SAP system and the risks that exist if you choose not to enable it.
A look at the OWASP Top 10 most critical web application security risks
As our readers know, we continuously share details to raise awareness and enable organizations to further secure their SAP infrastructure. In this blog post, we focus on one of the well-known SAP default users: TMSADM. What are the security implications of having it enabled with default passwords, and how do you properly protect it? As you can imagine, it is not as simple as it sounds, which is why we created this blog post for you.
In this month's SAP Security Notes, it is noticeable that the priority of the majority of security notes is higher than in the previous month.
Since its foundation, the Onapsis Research Labs has been actively helping SAP improve its security by researching and reporting system vulnerabilities. On the second Tuesday of each month, the Onapsis Research Labs publishes a detailed analysis of the latest SAP security notes. This helps our customers better secure their SAP systems from the latest threats, and helps to ensure that our products are designed to continuously detect new vulnerabilities.
Onapsis Research Labs First to Help Discover and Fix Vulnerabilities in SAP HANA SPS12 - SAP Security Notes December 2016
Today SAP published 23 Security Notes, making a total of 32 notes since the second Tuesday of November, counting several notes that were published outside of the normal publishing schedule. As with every month, the Onapsis Research Labs has an impact on how SAP security evolves. This month, 6 SAP Security Notes were reported to SAP by our researchers Sergio Abraham, Nahuel Sanchez and Emiliano Fausto (all of them recognized on the SAP webpage).
Not too long ago I published a blog post which discussed operationalizing your SAP cybersecurity strategy. In that post I discussed the confusion around division of responsibilities, who should own SAP security, and how SAP security gets operationalized within the organization, as this is a common problem my team and I have noticed across organizations.