Skip to content

Cybersecurity Extension for SAP
Services
Success Stories
Resources
Contact Us

Layer Seven Security Blog

Stay up to date on the latest trends in SAP security, new threats and information on protecting your critical systems against an attack

EXECUTIVE SUMMARY

Leading the Conversation in SAP Cybersecurity

Our blog is the premier resource for CISOs and SAP security and Basis specialists seeking deep technical insights into the SAP threat landscape. Our research team provides expert analysis on emerging attack vectors targeting S/4HANA, SAP RISE, and SAP BTP, as well as practical guidance on meeting global compliance standards such as NIS2 and SOX. By translating complex vulnerability disclosures into actionable defense strategies, we empower the global SAP community to harden their mission-critical environments and implement proactive monitoring frameworks that bridge the gap between SAP teams and security operations.

Recent Articles & Threat Intel

Search

Search

The Final Frontier: The Challenges in Developing Secure Custom ABAP Programs

In November, SAP released an unusually high number of Security Notes to patch various forms of injection vulnerabilities in it’s software. The trend continued in December with the release of several patches for code injection flaws in the Computer Center Management System (BC-CCM), Project System (PS-IS), Transport Organizer (BC-CTS-ORG) and work processes in Application Servers

SAP Audit Guides for Inventory and Human Resources

Layer Seven Security has released the highly anticipated SAP Audit Guides for Inventory and Human Resources. Download your free copy at http://layersevensecurity.com/SAP_audit_guides.html

SAP Security Notes, September 2012

Missing Authorization Checks, Signature Wrapping Attacks and Code Injection Vulnerabilities. Read September’s Guide to SAP Security Patches at http://layersevensecurity.com/SAP_security_advisories.html

Security Researchers Expose a Dangerous Authentication Bypass in Oracle Databases

More than two-thirds of mid to large SAP customers in every industry run their SAP applications with Oracle databases. Oracle’s success is driven by compatibility and performance. Oracle 11.2 is certified for use with Unix, Linux and Windows-based SAP environments and provides features such as self-tuning, sophisticated partitioning and advanced data compression that give Oracle

SAP Security Notes, August 2012

Missing authorization checks, hardcoded usernames and passwords, and vulnerabilities in credit card data stored in SAP Logistics. Download our latest guide to SAP Security Notes at http://layersevensecurity.com/SAP_security_advisories.html

Cybersecurity Disclosures: A Three Step Strategy for Compliance with the New SEC Guidance

Against a background of growing investor concern and pressure from legislators, the Securities and Exchange Commission (SEC) is leading the drive for more open and timely disclosure of cybersecurity risks and incidents from public companies. Earlier this year, it challenged Amazon’s decision not to disclose the financial impact of the theft of customer data held

Download the Ultimate Guide to Auditing and Securing Procure-to-Pay Controls in SAP

The third installment of Layer Seven Security’s SAP Audit Guide was released today and can be downloaded at http://layersevensecurity.com/SAP_audit_guides.html. The series has proven to be a popular resource for audit and security professionals with over 10,000 downloads to date. The latest Guide focuses upon expenditure-related controls in areas such as vendor master data, purchasing, invoice processing and

SAP Security Notes, July 2012

Missing authorization checks in the Archiving Workbench, default pass phrases on the J2EE secure store and SQL injection vulnerabilities in Java applications. Read the guide to July’s SAP Security Notes at http://layersevensecurity.com/SAP_security_advisories.html

SOAP Opera: Securing SAP Web Services

The best run businesses may run SAP but very few run it exclusively. Most SAP systems operate in a complex, heterogeneous environment with information and processes spread across multiple systems including legacy applications. For SAP, this has always been a barrier to the rapid deployment of its software. Traditional solutions such IDocs, BAPIs and other

FTC Takes Action against Wyndham Worldwide after Data Breach

Until recently, the fallout from the data breach at Wyndham Worldwide, owner of Ramada, Travelodge and a host of other hotel brands, followed an all too familiar path. Immediately after news of the breach reached customers in 2010, the company followed regular protocols by issuing an apology and committing itself to improving security procedures in

White Hats, Black Hats and Skiddies: The Class System in Information Security

There are few terms more widely misunderstood in the world of information security than the word ‘hacking’. Although it’s used in a variety of contexts, it’s most commonly used to refer to all types of cyber crime including everything from fraud and industrial espionage to identity theft and spamming. If you take this view, cyber

The Top 5 Security Notes you should apply to Patch your SAP systems

April was another bumper month for SAP Security Notes. In all, SAP issued 33 patches, of which 5 were considered critical. Top of the list were Notes 1647225 and 1675432 which address missing authorization checks in components of Business Objects Data Services (EIM-DS) and the SAP Classification System (CA-CL). EIM-DS is SAP’s flagship solution for

Page1 Page2 Page3 Page4 Page5

Contact Us
Request a Demo
Our Company
Our Customers
Our Success Stories

Contact Us
Request a Demo
Our Company
Our Customers
Our Success Stories

Contact Us
Request a Demo
Our Company
Our Customers
Our Success Stories

Contact Us
Request a Demo
Our Company
Our Customers
Our Success Stories

Solutions

Cybersecurity Extension for SAP
Product Comparison

Cybersecurity Extension for SAP
Product Comparison

Cybersecurity Extension for SAP
Product Comparison

Cybersecurity Extension for SAP
Product Comparison

Services

SAP RISE Security Compliance
Cybersecurity Assessment
Code Vulnerability Assessments
Penetration Testing

SAP RISE Security Compliance
Cybersecurity Assessment
Code Vulnerability Assessments
Penetration Testing

SAP RISE Security Compliance
Cybersecurity Assessment
Code Vulnerability Assessments
Penetration Testing

SAP RISE Security Compliance
Cybersecurity Assessment
Code Vulnerability Assessments
Penetration Testing

Resources

Threat Reports & Advisories
Whitepapers
News

Threat Reports & Advisories
Whitepapers
News

Threat Reports & Advisories
Whitepapers
News

Threat Reports & Advisories
Whitepapers
News

Recent News

SAP Security Notes, April 2026

Now on SAP BTP: Access the Cybersecurity Extension for SAP on SAP Build Work Zone

Layer Seven Security Achieves CyberSecure Certification

SAP Security Notes, April 2026

Now on SAP BTP: Access the Cybersecurity Extension for SAP on SAP Build Work Zone

Layer Seven Security Achieves CyberSecure Certification

Browse Previous Content

Copyright © 2010-2026 Layer Seven Security Inc. All rights reserved.

Sitemap Privacy Policy

The Gartner Peer Insights Logo is a trademark and service mark of Gartner, Inc., and/or its affiliates, and is used herein with permission. All rights reserved. Gartner Peer Insights reviews constitute the subjective opinions of individual end users based on their own experiences and do not represent the views of Gartner or its affiliates.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Cybersecurity Extension for SAP
Services
Success Stories
Resources
Contact Us