Switchable authorization checks and callback whitelists: A note on RFC security

This week SAP published, together with the monthly SAP Notes, a paper titled Securing Remote Function Calls (RFC), which outlines best-practice guidelines for configuring the different RFC security features. In this post we will focus on two of the newest features in the paper:

Analyzing SAP Security Notes November 2014 Edition

SAP is a complex and ever-changing system, whether because of changes introduced to your SAP implementation to better suit your business or through the application of Security Notes (patches) to ensure that newly disclosed vulnerabilities are mitigated. To provide a predictable, scheduled flow of vulnerability mitigation information and security patches, SAP releases the major part of its latest Security Notes information on the second Tuesday of every month.

5 Questions CISOs Should Ask About SAP Security

Over the last few weeks, Adrian Lane, CTO & Analyst from Securosis, a leading cyber-security analyst firm, published two blog posts from his ongoing series called “Building an Enterprise Application Security Program.” In his current posts, Adrian describes how key business applications running on SAP and Oracle have security and compliance gaps that are not covered by traditional security measures.

Logging IP addresses in the Security Audit Log

Hi! I was reviewing some events coming from the Security Audit Log and noticed an interesting behavior.

For those who have never heard of it, the Security Audit Log (a.k.a. SAL) allows SAP security administrators to keep track of the activities performed in their systems. In a future post we will discuss how to enable and configure it.
