9 deadly sins in SAP Security

by Andreas Wiegenstein, Virtuall Forge

There are probably a million things SAP customers can do wrong, when it comes to SAP security.

I have collected the most critical mistakes my team has observed in SAP Penetration testing projects over the past 10 years.

Here is the definitive list of the most deadly sins:

1. Hard-coded SAP* user active

The moment a malicious user gets a network connection to a login mechanism of your SAP system (e.g. SAP GUI, BSP, Web Dynpro, RFC) he can login with the hard coded username (‘SAP*’) and password (‘PASS’), gaining SAP_ALL privileges and has full control of the SAP system. Continue reading 9 deadly sins in SAP Security

Ensuring the Security and Quality of Custom SAP Applications

How safe is your business?

In order to better serve specific business requirements,  SAP standard solutions are often enhanced with custom applications. In many industries, the proportion of proprietary developments in SAP systems averages more than twenty five percent, provided either by  internal IT specialists or third-party companies.

Whether SAP applications are at the heart of your business or it is your business to develop SAP add-on applications, you need to both ensure that business critical processes and sensitive data remain safe, and reduce the risk of security breaches or data loss whilst meeting compliance rules and standards.

Download the brochure: Ensuring the Security  and Quality of Custom SAP Applications

Download the entire whitepaper or contact us for more information:

    Please do not use this form for unsolicited offers as these are considered as spam and are deleted immediately.