Lessons from the Top Ten Data Breaches of 2012: Defense-in-Depth for SAP Systems
According to the Privacy Rights Clearinghouse (PRC), there were 680 reported data breaches in 2012 covering all forms of commercial, governmental, educational, medical and non-profit organizations. The breaches are estimated to have compromised over 27M data records. The most significant breach occurred at VeriSign. Although the extent of the breach has never been disclosed […]
The Final Frontier: The Challenges in Developing Secure Custom ABAP Programs
In November, SAP released an unusually high number of Security Notes to patch various forms of injection vulnerabilities in it’s software. The trend continued in December with the release of several patches for code injection flaws in the Computer Center Management System (BC-CCM), Project System (PS-IS), Transport Organizer (BC-CTS-ORG) and work processes in Application Servers […]
SAP Audit Guides for Inventory and Human Resources
Layer Seven Security has released the highly anticipated SAP Audit Guides for Inventory and Human Resources. Download your free copy at http://layersevensecurity.com/SAP_audit_guides.html
SAP Security Notes, September 2012
Missing Authorization Checks, Signature Wrapping Attacks and Code Injection Vulnerabilities. Read September’s Guide to SAP Security Patches at http://layersevensecurity.com/SAP_security_advisories.html
Security Researchers Expose a Dangerous Authentication Bypass in Oracle Databases
More than two-thirds of mid to large SAP customers in every industry run their SAP applications with Oracle databases. Oracle’s success is driven by compatibility and performance. Oracle 11.2 is certified for use with Unix, Linux and Windows-based SAP environments and provides features such as self-tuning, sophisticated partitioning and advanced data compression that give Oracle […]
SAP Security Notes, August 2012
Missing authorization checks, hardcoded usernames and passwords, and vulnerabilities in credit card data stored in SAP Logistics. Download our latest guide to SAP Security Notes at http://layersevensecurity.com/SAP_security_advisories.html
Cybersecurity Disclosures: A Three Step Strategy for Compliance with the New SEC Guidance
Against a background of growing investor concern and pressure from legislators, the Securities and Exchange Commission (SEC) is leading the drive for more open and timely disclosure of cybersecurity risks and incidents from public companies. Earlier this year, it challenged Amazon’s decision not to disclose the financial impact of the theft of customer data held […]
Download the Ultimate Guide to Auditing and Securing Procure-to-Pay Controls in SAP
The third installment of Layer Seven Security’s SAP Audit Guide was released today and can be downloaded at http://layersevensecurity.com/SAP_audit_guides.html. The series has proven to be a popular resource for audit and security professionals with over 10,000 downloads to date. The latest Guide focuses upon expenditure-related controls in areas such as vendor master data, purchasing, invoice processing and […]
SAP Security Notes, July 2012
Missing authorization checks in the Archiving Workbench, default pass phrases on the J2EE secure store and SQL injection vulnerabilities in Java applications. Read the guide to July’s SAP Security Notes at http://layersevensecurity.com/SAP_security_advisories.html
SOAP Opera: Securing SAP Web Services
The best run businesses may run SAP but very few run it exclusively. Most SAP systems operate in a complex, heterogeneous environment with information and processes spread across multiple systems including legacy applications. For SAP, this has always been a barrier to the rapid deployment of its software. Traditional solutions such IDocs, BAPIs and other […]