Skip to content

Cybersecurity Extension for SAP
Services
Success Stories
Resources
Contact Us

Layer Seven Security Blog

Stay up to date on the latest trends in SAP security, new threats and information on protecting your critical systems against an attack

EXECUTIVE SUMMARY

Leading the Conversation in SAP Cybersecurity

Our blog is the premier resource for CISOs and SAP security and Basis specialists seeking deep technical insights into the SAP threat landscape. Our research team provides expert analysis on emerging attack vectors targeting S/4HANA, SAP RISE, and SAP BTP, as well as practical guidance on meeting global compliance standards such as NIS2 and SOX. By translating complex vulnerability disclosures into actionable defense strategies, we empower the global SAP community to harden their mission-critical environments and implement proactive monitoring frameworks that bridge the gap between SAP teams and security operations.

Recent Articles & Threat Intel

Search

Search

SOAP Opera: Securing SAP Web Services

The best run businesses may run SAP but very few run it exclusively. Most SAP systems operate in a complex, heterogeneous environment with information and processes spread across multiple systems including legacy applications. For SAP, this has always been a barrier to the rapid deployment of its software. Traditional solutions such IDocs, BAPIs and other

FTC Takes Action against Wyndham Worldwide after Data Breach

Until recently, the fallout from the data breach at Wyndham Worldwide, owner of Ramada, Travelodge and a host of other hotel brands, followed an all too familiar path. Immediately after news of the breach reached customers in 2010, the company followed regular protocols by issuing an apology and committing itself to improving security procedures in

White Hats, Black Hats and Skiddies: The Class System in Information Security

There are few terms more widely misunderstood in the world of information security than the word ‘hacking’. Although it’s used in a variety of contexts, it’s most commonly used to refer to all types of cyber crime including everything from fraud and industrial espionage to identity theft and spamming. If you take this view, cyber

The Top 5 Security Notes you should apply to Patch your SAP systems

April was another bumper month for SAP Security Notes. In all, SAP issued 33 patches, of which 5 were considered critical. Top of the list were Notes 1647225 and 1675432 which address missing authorization checks in components of Business Objects Data Services (EIM-DS) and the SAP Classification System (CA-CL). EIM-DS is SAP’s flagship solution for

The Four Myths of ERP Security

There are several myths in ERP security. One of the most common is that security is largely a matter of controlling access and segregation of duties. Another is that business applications are accessible only within internal networks. Yet another is that such applications are not a target for attack. All three are based on a

A Ten Step Guide to Implementing SAP’s New Security Recommendations

On January 16, SAP issued a revamped version of the whitepaper Secure Configuration of SAP Netweaver Application Server using ABAP, which is rapidly becoming the de-facto standard for securing the technical components of SAP. According to SAP, the guidance provided in the whitepaper is intended to help customers protect ABAP systems against unauthorized access within

SAP had reservations with Deloitte’s blueprint for Marin County

After recently losing Beneficial Mutual as an audit client, Deloitte suffered another major setback last week. While a U.S District Court Judge dismissed racketeering and other claims against the firm made by Marin County as a result of what the Californian authority considered a botched implementation of SAP for Public Sector, the court declared that

When do default passwords become a configuration error?

The answer is when your Legal department is managing the fallout after a data breach. The case in point is the Utah Department of Health which announced this week that over 280,000 records belonging to Medicaid and CHIP recipients were compromised after a breach last week believed to be perpetrated by a group in Eastern

Why you should immediately patch the recent DoS Vulnerability in AIX

IBM released an advisory in February for a Denial of Service (DoS) vulnerability in AIX versions 5.3, 6.1, and 7.1. The warning seems to have flown under the radar since so far, many companies running the effected AIX OS platforms for their SAP environments have yet to deploy the patch. The vulnerability relates to a

MasterCard confirms it will enforce the PCI DSS compliance deadline for Level 2 merchants

As you probably recall, MasterCard issued a directive in 2009 that required all Level 2 merchants to comply with the PCI DSS through either a Self-Assessment Questionnaire (SAQ) prepared by a certified Internal Security Assessor or an assessment performed by a Qualified Security Assessor by June 30, 2010. Following an uproar from merchants, this was

Microsoft Hack Exposed Credit Card Details

Earlier today, Microsoft issued a statement that declared that the financial information belonging to customers of its online store in India may have been compromised by the recent attack perpetrated by a Chinese group called the “Evil Shadow Team.” It is widely believed that this information was stored in clear text in databases raided by

Netweaver Single Sign-On: Is it Worth the Risk?

SAP’s acquisition of SECUDE in 2011 is finally bearing fruit. Recently, SAP announced the launch of Netweaver Single Sign-On 1.0 which can be downloaded from the Service Marketplace. This is the latest addition to SAP’s identity and access management portfolio and is based on SECUDE’s Secure Login and Enterprise SSO solutions. It uses protocols such

Page1 Page2 Page3 Page4 Page5

Contact Us
Request a Demo
Our Company
Our Customers
Our Success Stories

Contact Us
Request a Demo
Our Company
Our Customers
Our Success Stories

Contact Us
Request a Demo
Our Company
Our Customers
Our Success Stories

Contact Us
Request a Demo
Our Company
Our Customers
Our Success Stories

Solutions

Cybersecurity Extension for SAP
Product Comparison

Cybersecurity Extension for SAP
Product Comparison

Cybersecurity Extension for SAP
Product Comparison

Cybersecurity Extension for SAP
Product Comparison

Services

SAP RISE Security Compliance
Cybersecurity Assessment
Code Vulnerability Assessments
Penetration Testing

SAP RISE Security Compliance
Cybersecurity Assessment
Code Vulnerability Assessments
Penetration Testing

SAP RISE Security Compliance
Cybersecurity Assessment
Code Vulnerability Assessments
Penetration Testing

SAP RISE Security Compliance
Cybersecurity Assessment
Code Vulnerability Assessments
Penetration Testing

Resources

Threat Reports & Advisories
Whitepapers
News

Threat Reports & Advisories
Whitepapers
News

Threat Reports & Advisories
Whitepapers
News

Threat Reports & Advisories
Whitepapers
News

Recent News

Key Takeaways of the DBIR 2026 for SAP Solutions

SAP Security Notes May 2026: Supply-Chain Attack and Critical Vulnerabilities Explained

Mini Shai-Hulud: Understanding the SAP Supply Chain Malware

Key Takeaways of the DBIR 2026 for SAP Solutions

SAP Security Notes May 2026: Supply-Chain Attack and Critical Vulnerabilities Explained

Mini Shai-Hulud: Understanding the SAP Supply Chain Malware

Browse Previous Content

Copyright © 2010-2026 Layer Seven Security Inc. All rights reserved.

Sitemap Privacy Policy

The Gartner Peer Insights Logo is a trademark and service mark of Gartner, Inc., and/or its affiliates, and is used herein with permission. All rights reserved. Gartner Peer Insights reviews constitute the subjective opinions of individual end users based on their own experiences and do not represent the views of Gartner or its affiliates.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Cybersecurity Extension for SAP
Services
Success Stories
Resources
Contact Us