Layer Seven Security Logo
Book a Demo
Book a Demo
Layer Seven Security Logo
Menu Icon

Category: SAP Security Recommendations

Whitepaper: Securing SAP Solutions from Log4Shell

Log4JShell is one of the most dangerous security vulnerabilities in decades. It can be exploited remotely with minimal complexity and without authentication to execute arbitrary code that could lead to the complete compromise of vulnerable applications. Log4Shell impacts Log4J, a widely installed open-source Java logging utility. A dangerous zero-day remote code execution vulnerability in Log4J […]

Securing SAP Systems from Log4J Exploits

The Cybersecurity and Infrastructure Security Agency (CISA) has designated the recent Log4J vulnerability as one of the most serious in decades and urged organizations to immediately address the vulnerability in applications.   Log4j is an open-source logging framework maintained by the Apache Foundation. The framework includes the API Java Naming and Directory Interface (JNDI). Strings […]

CISA Issues Directive for Actively Exploited SAP Vulnerabilities

The US Cybersecurity and Infrastructure Security Agency (CISA) issued Binding Operational Directive 22-01 on November 3 to compel government departments and agencies to remediate specific vulnerabilities with known exploits. According to CISA, the vulnerabilities pose a significant risk to information systems. This includes several vulnerabilities for SAP applications that must be remediated by May 3, […]

Securing the SYSTEM User in SAP HANA

The SYSTEM user is the most powerful database user in SAP HANA with system-wide privileges including permissions to create and maintain other users, perform system changes, stop and start services, and create and drop databases and tables. The user is created during the initial setup of SAP HANA. Once the system is setup, the SYSTEM […]

Securing Software Supply Chains for SAP Systems

Software supply chain attacks are advanced cyberattacks that target information systems through third party software. Threat actors compromise systems and data by exploiting software builds or interfaces for trusted software. This enables attackers to introduce malware without detection including backdoors. The recent software supply chain attack experienced by SolarWinds is widely regarded as one of […]

Protecting SAP Systems from Ransomware

The recent attack at Colonial Pipeline has demonstrated the devastating impact of ransomware on critical infrastructure. According to the Department of Homeland Security, ransomware a­ttacks have increased by 300% over the past year, impacting all industries and sectors. The average downtime from an att­ack is 21 days. Full recovery takes an average of 287 days. […]

Cybersecurity Extension for SAP Identifies Signatures of Active SAP Cyberattacks

Earlier this month, SAP issued a joint report with a security research firm to highlight active cyber threats targeting SAP applications. According to the report, there is conclusive evidence that attackers are actively targeting and exploiting unsecured SAP applications. The report also reveals that some SAP vulnerabilities are being weaponized in less than 72 hours […]

Layer Seven Security’s Cybersecurity Extension for SAP® Solutions Achieves SAP® Certification as Integrated with SAP NetWeaver®

Toronto, Canada – March 8, 2021 – Layer Seven Security today announced its Cybersecurity Extension v3.4 for SAP® Solutions has achieved SAP®-certified integration with the SAP NetWeaver® technology platform.  The solution has been proven to integrate with SAP solutions, providing automated vulnerability management, threat detection and incident response for SAP applications and infrastructure. “We are delighted to […]

Compliance Reporting for the SAP Security Baseline

The SAP Security Baseline is a widely used benchmark for securing SAP applications. The benchmark includes SAP recommendations for system hardening, authentication and authorization, logging and auditing, and other areas. The recommendations draw on SAP security notes, guides and whitepapers.  The SAP Security Baseline was updated by SAP earlier this year and provides an up-to-date […]

Securing the SAProuter from Remote Attacks

The surge in remote working has led to an increasing reliance on the SAProuter as a means to facilitate secure remote access to SAP applications. As a reverse proxy between external networks and SAP landscapes, the SAProuter enables organizations to apply more granular policies for filtering and securing connections to SAP systems than network firewalls. […]

Layer Seven Security Logo