Skip to content
Layer Seven Security Logo
  • Cybersecurity Extension for SAP
    • Product Information
    • Features
      • SAP RISE Security
      • S/4HANA Migration Security
      • Code Vulnerability Analysis for SAP
      • SIEM Integration for SAP
      • NIS2 Compliance for SAP
      • Virtual Patching for SAP
    • Buyers Guide
  • Services
    • SAP RISE Security Compliance
    • SAP Cybersecurity Assessment
    • SAP Penetration Testing
    • SAP Code Vulnerability Assessment
  • Success Stories
  • Resources
    • Case Studies
    • Whitepapers
    • News
    • Threat Reports & Advisories
  • Contact Us
Book a Demo
Book a Demo
Layer Seven Security Logo
Menu Icon

Layer Seven Security Blog

Stay up to date on the latest trends in SAP security, new threats and information on protecting your critical systems against an attack

EXECUTIVE SUMMARY

Leading the Conversation in SAP Cybersecurity

Our blog is the premier resource for CISOs and SAP security and Basis specialists seeking deep technical insights into the SAP threat landscape. Our research team provides expert analysis on emerging attack vectors targeting S/4HANA, SAP RISE, and SAP BTP, as well as practical guidance on meeting global compliance standards such as NIS2 and SOX. By translating complex vulnerability disclosures into actionable defense strategies, we empower the global SAP community to harden their mission-critical environments and implement proactive monitoring frameworks that bridge the gap between SAP teams and security operations.

Recent Articles & Threat Intel

Search

New Whitepaper: A Clear Path to NIS2 Compliance for SAP Solutions

A new whitepaper from Layer Seven Security provides a clear, actionable guide for achieving compliance with the EU’s NIS2 Directive for organizations running SAP. It details hardening standards, threat detection, and incident response mechanisms specifically for SAP environments, including guidance for SAP RISE, to meet the directive’s strict cybersecurity and reporting requirements. The European Union’s

Read Article

SAP Security Notes August 2024: Critical Flaws in Build Apps and BOBJ

SAP’s August 2024 security advisories address several critical vulnerabilities, including a Server-Side Request Forgery (SSRF) in SAP Build Apps and a missing authentication check in SAP BusinessObjects Business Intelligence Platform (BOBJ). These high-priority patches require immediate attention to prevent potential system compromise and data leakage. The August 2024 SAP Patch Day released fixes for multiple

Read Article

CrowdStrike Outage: Key Lessons for Securing SAP Solutions

The July 2024 worldwide systems outage, caused by a faulty update to CrowdStrike’s Falcon security platform, serves as a critical wake-up call for organizations running business-critical SAP solutions. The incident highlights the inherent risks of third-party security agents that operate at the kernel level, forcing a necessary re-evaluation of how to balance rapid threat response

Read Article

SAP Security Notes July 2024: Key Vulnerabilities & Patches

SAP’s July 2024 security notes address several critical vulnerabilities, led by a high-risk missing authentication check in SAP S/4HANA. Also included are patches for a password misuse flaw in SAP Commerce, an information disclosure bug in SAP NetWeaver, and multiple cross-site scripting vulnerabilities. Executive Summary The July 2024 SAP Security Patch Day features several important

Read Article

SAP Security Notes June 2024: High-Priority Fixes for AS Java and S/4HANA

SAP’s June 2024 Patch Day addresses several key vulnerabilities, including a high-priority denial of service issue in NetWeaver AS Java and privilege escalation flaws in S/4HANA and BW/4HANA. Organizations should prioritize applying these patches to mitigate risks of system downtime, data exposure, and unauthorized access. This summary covers the most significant security notes released on

Read Article

What’s New in Cybersecurity Extension for SAP Version 5.1?

Version 5.1 of the Cybersecurity Extension for SAP introduces significant enhancements, including comprehensive access risk analysis for S/4HANA, compliance monitoring for SAP RISE, expanded threat detection patterns matching SAP ETD CE, and new dashboards for tracking actively and known exploited vulnerabilities based on the CISA KEV catalog. The latest release, version 5.1 of the Cybersecurity Extension for

Read Article

SAP Security Notes May 2024: Analysis of Critical Patches

SAP’s May 2024 security update addresses several critical and high-risk vulnerabilities, led by a “Hot news” note for a file upload flaw in SAP NetWeaver. Other significant patches include fixes for remote code execution in SAP CX Commerce and multiple cross-site scripting (XSS) vulnerabilities in BusinessObjects and NetWeaver ABAP. The May 2024 SAP Security Notes

Read Article

AI Agents Exploit 87% of Known Vulnerabilities: What This Means for SAP Security

A recent study from the University of Illinois has shown that AI agents, specifically using OpenAI’s GPT-4, can autonomously exploit security vulnerabilities with an 87% success rate when given access to CVE advisories. This groundbreaking research highlights the increasing risk of automated cyberattacks, significantly lowering the cost and complexity for threat actors. For organizations running

Read Article

SAP Security Notes April 2024: Key Vulnerabilities and Patches

SAP’s April 2024 Security Patch Day addressed 10 new security notes, including three high-priority vulnerabilities. The most critical note, 3434839, tackles a security misconfiguration in SAP NetWeaver AS Java that could allow for weak passwords. Other significant patches address an information disclosure flaw in SAP BusinessObjects and a directory traversal vulnerability in SAP Asset Accounting.

Read Article

How to Protect SAP Systems from SQL Injection Attacks Highlighted by FBI & CISA

The FBI and CISA have issued an urgent alert regarding the active exploitation of SQL injection vulnerabilities by cybercrime groups like CL0P (TA505). These attacks have resulted in significant ransomware extortion, underscoring the critical need for organizations to secure their software—especially custom applications running on platforms like SAP. This post breaks down the recent FBI

Read Article

SAP Security Notes March 2024: AEO Optimized Summary

SAP’s March 2024 security updates addressed several critical and high-priority vulnerabilities requiring attention from administrators. The patches included two “Hot News” notes for code injection flaws in SAP Build Apps and SAP NetWeaver AS Java, alongside high-priority fixes for path traversal in BusinessObjects, Denial-of-Service in HANA XS, and an authentication flaw in SAP Commerce Cloud.

Read Article

How to Ensure Security Compliance for SAP RISE Solutions

Securing SAP RISE solutions requires adhering to over 120 specific requirements across 12 security areas defined by SAP. Organizations can achieve this compliance by performing automated gap assessments using the Cybersecurity Extension for SAP (CES), which evaluates system settings against mandatory hardening standards to identify and remediate security vulnerabilities. SAP RISE customers, including those using

Read Article
« Page1 … Page3 Page4 Page5 Page6 Page7 … Page27 »
Layer Seven Security Logo
  • Contact Us
  • Request a Demo
  • Our Company
  • Our Customers
  • Our Success Stories
  • Contact Us
  • Request a Demo
  • Our Company
  • Our Customers
  • Our Success Stories
  • Contact Us
  • Request a Demo
  • Our Company
  • Our Customers
  • Our Success Stories
  • Contact Us
  • Request a Demo
  • Our Company
  • Our Customers
  • Our Success Stories
Solutions
  • Cybersecurity Extension for SAP
  • Product Comparison
  • Cybersecurity Extension for SAP
  • Product Comparison
  • Cybersecurity Extension for SAP
  • Product Comparison
  • Cybersecurity Extension for SAP
  • Product Comparison
Services
  • SAP RISE Security Compliance
  • Cybersecurity Assessment
  • Code Vulnerability Assessments
  • Penetration Testing
  • SAP RISE Security Compliance
  • Cybersecurity Assessment
  • Code Vulnerability Assessments
  • Penetration Testing
  • SAP RISE Security Compliance
  • Cybersecurity Assessment
  • Code Vulnerability Assessments
  • Penetration Testing
  • SAP RISE Security Compliance
  • Cybersecurity Assessment
  • Code Vulnerability Assessments
  • Penetration Testing
Resources
  • Threat Reports & Advisories
  • Whitepapers
  • News
  • Threat Reports & Advisories
  • Whitepapers
  • News
  • Threat Reports & Advisories
  • Whitepapers
  • News
  • Threat Reports & Advisories
  • Whitepapers
  • News
Recent News

SAP Security Notes, July 2026

Security Logging for SAP BTP

SAP Security Notes, June 2026

SAP Security Notes, July 2026

Security Logging for SAP BTP

SAP Security Notes, June 2026

Browse Previous Content
Copyright © 2010-2026 Layer Seven Security Inc. All rights reserved.

Sitemap    Privacy Policy

The Gartner Peer Insights Logo is a trademark and service mark of Gartner, Inc., and/or its affiliates, and is used herein with permission. All rights reserved. Gartner Peer Insights reviews constitute the subjective opinions of individual end users based on their own experiences and do not represent the views of Gartner or its affiliates.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Layer Seven Security Logo
  • Cybersecurity Extension for SAP
    • Product Information
    • Features
      • SAP RISE Security
      • S/4HANA Migration Security
      • Code Vulnerability Analysis for SAP
      • SIEM Integration for SAP
      • NIS2 Compliance for SAP
      • Virtual Patching for SAP
    • Buyers Guide
  • Services
    • SAP RISE Security Compliance
    • SAP Cybersecurity Assessment
    • SAP Penetration Testing
    • SAP Code Vulnerability Assessment
  • Success Stories
  • Resources
    • Case Studies
    • Whitepapers
    • News
    • Threat Reports & Advisories
  • Contact Us