Skip to content

Cybersecurity Extension for SAP
Services
Success Stories
Resources
Contact Us

Layer Seven Security Blog

Stay up to date on the latest trends in SAP security, new threats and information on protecting your critical systems against an attack

EXECUTIVE SUMMARY

Leading the Conversation in SAP Cybersecurity

Our blog is the premier resource for CISOs and SAP security and Basis specialists seeking deep technical insights into the SAP threat landscape. Our research team provides expert analysis on emerging attack vectors targeting S/4HANA, SAP RISE, and SAP BTP, as well as practical guidance on meeting global compliance standards such as NIS2 and SOX. By translating complex vulnerability disclosures into actionable defense strategies, we empower the global SAP community to harden their mission-critical environments and implement proactive monitoring frameworks that bridge the gap between SAP teams and security operations.

Recent Articles & Threat Intel

Search

Search

Mini Shai-Hulud: Malware Targeting the Software Supply Chain for SAP Development Tools

On April 30, SAP released SAP Security Note 3747787 in response to the discovery of malicious code in npm packages connected to SAP development tools. The code is part of a malware campaign labelled Mini Shai-Hulud targeting the software supply chain for SAP cloud development. Shai-Hulud is a reference to the sandworms from the fictional

From SAP Logs to Security Intelligence: Integrating SAP with Splunk

Splunk is one of the world’s most widely used platforms for collecting, indexing, and analyzing data from across enterprise environments, including servers, applications, cloud services, and network devices. It is commonly used by security operations teams as a Security Information and Event Management (SIEM) platform to centralize log data, correlate events, detect threats, investigate incidents,

SAP Security Notes April 2026: Critical SQL Injection and High-Risk Flaws Patched

SAP’s April 2026 security update addresses a critical SQL injection vulnerability in SAP Business Planning and Consolidation and SAP Business Warehouse. This top-priority issue, detailed in Hot News note 3719353, stems from insufficient authorization checks and is fixed by deactivating the vulnerable code. Other high-risk patches were also released. The April 2026 SAP Security Patch

How to Deploy the Cybersecurity Extension for SAP on SAP Build Work Zone

Deploying the Cybersecurity Extension for SAP on SAP BTP involves a three-stage process that takes approximately 45 minutes. First, prepare the SAP BTP subaccount, ensuring the Cloud Connector, destinations, and entitlements are correctly configured. Next, use the Cloud Foundry CLI to deploy the provided .mtar file. Finally, configure SAP Build Work Zone by importing the

Layer Seven Security Achieves CyberSecure Canada Certification

Layer Seven Security has successfully achieved certification under the CyberSecure Canada program, validating its strong cybersecurity posture and the application of recognized baseline security controls. This certification provides customers, especially those who rely on SAP systems, with independent assurance that Layer Seven Security operates within a structured and nationally recognized cybersecurity framework. This certification reinforces

SAP Security Notes March 2026: Critical Log4j and RCE Flaws Patched

SAP’s security notes for March 2026 address 14 vulnerabilities, including two critical “Hot News” items. The most severe patches fix a command injection vulnerability related to Apache Log4j and a remote code execution flaw in SAP NetWeaver Enterprise Portal. A high-risk Denial of Service (DoS) note for SAP Supply Chain Management was also released. This

State-Sponsored Cyber Attacks on SAP: A Guide to Threats and Defenses

State-sponsored cyber attacks are a rapidly increasing threat to SAP solutions, driven by rising geopolitical tensions. Attackers target mission-critical SAP systems for espionage and sabotage, exploiting their wide attack surface and slow enterprise patching cycles. Defending these vital systems requires specialized vulnerability management, real-time threat detection, and a focused effort to harden specific SAP configurations

SAP Security Notes February 2026: Critical Code Injection and Authentication Flaws

SAP’s February 2026 security update addresses several critical vulnerabilities, including a code injection flaw in SAP S/4HANA and SAP CRM, and a missing authentication check in SAP NetWeaver AS ABAP. These “Hot News” notes require immediate attention to prevent potential system compromise and unauthorized data access. The February 2026 SAP Security Notes patch day released

Digital Operational Resilience Act (DORA) Compliance for SAP Solutions

The Digital Operational Resilience Act (DORA) is an EU regulation that requires financial institutions to ensure their Information and Communications Technology (ICT) systems can withstand, respond to, and recover from disruptions. For organizations using SAP for critical functions, this means SAP solutions must be governed, monitored, and tested to meet DORA’s stringent standards for operational

SAP Security Notes January 2026: Critical Vulnerabilities in S/4HANA and More

SAP’s January 2026 security update addresses several critical vulnerabilities, including a SQL injection and a code injection backdoor in S/4HANA that could lead to full system compromise. Immediate patching is required to mitigate risks of data theft, modification, and remote code execution across key SAP products. This advisory summarizes the most severe vulnerabilities released on

What Are the Key Security Risks in RISE with SAP? Findings from the 2025 Benchmark Report

The SAPinsider RISE with SAP 2025 benchmark report reveals a critical security gap: widespread customer non-compliance with the shared responsibility model. The most significant failure is not implementing SAP’s mandatory security hardening requirements, leaving cloud ERP systems vulnerable and exposing organizations to significant operational, legal, and and reputational risk. The report, based on a survey of 122

SAP Security Notes December 2025: Analysis of Critical Patches

SAP’s December 2025 security update includes three “Hot News” notes that patch critical vulnerabilities. These address a code injection flaw in SAP Solution Manager (SolMan), a deserialization vulnerability in SAP jConnect, and multiple issues in Apache Tomcat within SAP Commerce Cloud. Organizations should prioritize applying these patches to mitigate the risk of exploitation. This advisory

Page1 Page2 Page3 Page4 Page5

Contact Us
Request a Demo
Our Company
Our Customers
Our Success Stories

Contact Us
Request a Demo
Our Company
Our Customers
Our Success Stories

Contact Us
Request a Demo
Our Company
Our Customers
Our Success Stories

Contact Us
Request a Demo
Our Company
Our Customers
Our Success Stories

Solutions

Cybersecurity Extension for SAP
Product Comparison

Cybersecurity Extension for SAP
Product Comparison

Cybersecurity Extension for SAP
Product Comparison

Cybersecurity Extension for SAP
Product Comparison

Services

SAP RISE Security Compliance
Cybersecurity Assessment
Code Vulnerability Assessments
Penetration Testing

SAP RISE Security Compliance
Cybersecurity Assessment
Code Vulnerability Assessments
Penetration Testing

SAP RISE Security Compliance
Cybersecurity Assessment
Code Vulnerability Assessments
Penetration Testing

SAP RISE Security Compliance
Cybersecurity Assessment
Code Vulnerability Assessments
Penetration Testing

Resources

Threat Reports & Advisories
Whitepapers
News

Threat Reports & Advisories
Whitepapers
News

Threat Reports & Advisories
Whitepapers
News

Threat Reports & Advisories
Whitepapers
News

Recent News

Mini Shai-Hulud: Malware Targeting the Software Supply Chain for SAP Development Tools

From SAP Logs to Security Intelligence: Integrating SAP with Splunk

SAP Security Notes April 2026: Critical SQL Injection and High-Risk Flaws Patched

Mini Shai-Hulud: Malware Targeting the Software Supply Chain for SAP Development Tools

From SAP Logs to Security Intelligence: Integrating SAP with Splunk

SAP Security Notes April 2026: Critical SQL Injection and High-Risk Flaws Patched

Browse Previous Content

Copyright © 2010-2026 Layer Seven Security Inc. All rights reserved.

Sitemap Privacy Policy

The Gartner Peer Insights Logo is a trademark and service mark of Gartner, Inc., and/or its affiliates, and is used herein with permission. All rights reserved. Gartner Peer Insights reviews constitute the subjective opinions of individual end users based on their own experiences and do not represent the views of Gartner or its affiliates.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Cybersecurity Extension for SAP
Services
Success Stories
Resources
Contact Us