The aim of this publication is to fully introduce and explain the concept of Remote Function Call (RFC) and its impact on the Gateway and Message Server. We will focus not only on its importance, but also on how to implement secure communication in your landscape. Onapsis strives to provide the most complete security…
Switchable Authorization Checks is a solution provided by SAP that allows developers to deliver authorization changes in an SAP system without disrupting the productive systems. This solution allows system administrators to decide how and when new authorizations are applied in the system. It is managed through transaction SACF (Switchable Authorization Checks Framework) which supports administrators…
Highlighted in a recent IDC survey of 430 IT decision makers, 64% of organizations have experienced a breach of their ERP systems, either SAP or Oracle E-Business Suite. Why? With this in mind, the Onapsis Research Labs works very closely with both SAP and Oracle to help identify and fix vulnerabilities. When we find a…
In February 2017, SAP released Security Note 2413716 regarding configuration changes to secure Trusted RFC for GRC Access Control (AC) Emergency Access Management (EAM), which was a High Priority note. The EAM module provides SAP GRC AC with the ability to determine how access can be granted in case of an emergency; however, you must…
SAP HANA is being pushed by SAP as the absolute in-memory database for its products and more recently, as a standalone platform. The vast majority of companies who have already adopted it are leveraging its capabilities to support business-critical applications. Due to its nature, SAP HANA stores an organization’s most important assets, thus requiring large…
When thinking of SAP security we tend to always think of SAP servers and pay little attention to the tools used by end-users that connect to most of our SAP Systems, as well as the way those tools are used. Outside the SAP security world it is well accepted that attackers are no longer targeting…
Every organization running SAP to support its business-critical processes has typically implemented several systems in complex scenarios. Depending on the size of the company, the number of SAP Systems, Instances and Products used can be quite large. All of these systems are interconnected and there are different components involved in regards to the connections such as…
Implementing proper security controls for a BusinessObjects implementation is a complex process. There are a number of moving parts, complicated Access Controls, and many client access points. For those tasked with auditing an implementation it can be difficult to know where to begin. In this white paper we discuss the BusinessObjects architecture landscape, discuss common…