Layer Seven Security Logo
Book a Demo
Book a Demo
Layer Seven Security Logo
Menu Icon

Category: SAP Vulnerabilities

Discover Vulnerable System Connections with Interface Monitoring

Interface Monitoring provides the answer to one of the most vexing questions in SAP security: where are our vulnerable cross-system connections and how do we monitor them to ensure they’re not abused by attackers? Although Interface Monitoring, also known as Interface Channel Monitoring or ICMon, has been available in SAP Solution Manager since version 7.10 […]

Security KPI Monitoring with SolMan Dashboards

SAP Fiori revolutionizes the user experience in Solution Manager 7.2. The dynamic tile-based layout replaces the work center approach in Solution Manager 7.1. In fact, since the Fiori launchpad provides direct and customizable access to applications, it virtually removes the role of work centers in Solution Manager.  Fiori and Fiori Apps are the first pillar […]

Explore Service Level Reporting in SolMan 7.2

Service Level Reporting (SLR) in SAP Solution Manager performs regular checks against key performance indicators using information available from the EarlyWatch Alert (EWA), Business Warehouse (BW) and the Computer Center Management System (CCMS). The checks can be for single systems or systems grouped into solutions. Reports run automatically on a weekly or monthly schedule but […]

Introducing the SAP Cybersecurity Framework 4.0

Cyber attacks are at epidemic levels. According to research performed by 360 Security, there were over 85 billion attacks in 2015, equivalent to 2000 attacks per second. The cost of data breaches continues to grow, year after year, and reached record levels in 2016. Juniper Research estimate that average costs will exceed $150M within three […]

RFC Hacking: How to Hack an SAP System in 3 Minutes

RFC exploits are hardly new. In fact, some of the well-known exploits demonstrated below are addressed by SAP Notes dating back several years. However, the disturbing fact is that the measures required to harden SAP systems against such exploits are not universally applied. As a result, many installations continue to be vulnerable to relatively simple […]

SAP Security Notes – August 2016

Note 2319506 addresses a blind SQL injection vulnerability in Database Monitors for Oracle. The vulnerability impacts all versions of SAP Basis and rates extremely high on the impact scale using the common vulnerability scoring system. Content-based and time-based blind SQL injection is used by attackers to determine when input is interpreted as a SQL statement. […]

Three Reasons You Should Budget for SAP Breach Costs

The average cost of a data breach has now surpassed $4 million. This is according to the latest study from the Ponemon Institute issued earlier this month. The study surveyed 383 organizations in 12 countries. It revealed that not only are data breach costs increasingly across the board, the probability that organizations will suffer a breach […]

Security in SAP HANA

SAP HANA is now deployed by over 7,500 organizations worldwide. While this represents only a fraction of the 300,000 companies that use SAP software globally, adoption is growing rapidly, doubling in 2015 alone. As expected, the introduction of SAP Business Suite 4 SAP HANA (S/4HANA) has accelerated this growth by widening the use-case for SAP […]

US-CERT Issues Alert for SAP Invoker Servlet Vulnerability

US-CERT published an alert yesterday to warn SAP customers of the dangers posed by the invoker servlet vulnerability in AS Java systems. According to the alert, there is evidence to suggest that SAP systems at 36 organizations have been exploited by the vulnerability. The organizations are based in the United States, United Kingdom, Germany, China, […]

Layer Seven Security Logo