Layer Seven Security Blog
Stay up to date on the latest trends in SAP security, new threats and information on protecting your critical systems against an attack
SAP Security Notes, May 2017
Note 2380277 addresses a high priority memory corruption vulnerability in the GUI control component of the Internet Graphics Server (IGS). GUI control is a self-contained component of the presentation server in ABAP systems. The Note contains corrections for logical errors in memory management within the component. The errors could be exploited by attackers to extract …
Discover, Implement and Test Security Notes using SAP Solution Manager 7.2
The results of the recent Verizon DBIR revealed significant differences between industries in terms of vulnerability patching. Organizations in sectors such as information technology and manufacturing typically remove over 75% of vulnerabilities within 3 weeks of detection. At the other end of the spectrum, 75% or more of vulnerabilities discovered in financial and public sector …
Highlights of the 2017 DBIR Report
The Data Breach Investigations Report (DBIR) has chronicled the growth in security and data breaches for over a decade. The findings of the most recent report released on April 27 are based on the analysis of more than 42,000 security incidents across a variety of industries and countries. For the first time, the DBIR examines …
SAP Security Notes, April 2017
Note 2419592 includes further corrections for a code injection vulnerability in TREX that was originally patched by SAP through Note 2234226 in February 2016. The vulnerability impacts the TREXNet protocol used for internal communications by TREX components and servers. TREXNet communication does not require any authentication. Therefore, the protocol can be abused to execute dangerous …
Get Hands-On with SAP Solution Manager 7.2 at SAPPHIRE NOW + ASUG 2017
Attending next month’s SAPPHIRE NOW and ASUG Annual Conference? Drop by booth #1280A for a live demonstration of security monitoring using SAP Solution Manager. Learn how to schedule Service Level Reports to automatically detect vulnerabilities in your SAP systems, enable Dashboards to monitor security KPIs, detect and apply security notes using System Recommendations, monitor system interfaces with Interface …
SAP Security Notes, March 2017
Note 2424173 deals with vulnerabilities in SAP HANA that were the subject of media attention in March. This includes coverage from the television news channel MSNBC. The vulnerabilities impact areas such as User Self Service Tools that support account-related tasks including password resets and self-registration through a web interface. The Note carries a CVSS of …
Security KPI Monitoring with SolMan Dashboards
SAP Fiori revolutionizes the user experience in Solution Manager 7.2. The dynamic tile-based layout replaces the work center approach in Solution Manager 7.1. In fact, since the Fiori launchpad provides direct and customizable access to applications, it virtually removes the role of work centers in Solution Manager. Fiori and Fiori Apps are the first pillar …
SAP Security Notes, February 2017
Note 2410061 patches a dangerous Distributed Denial of Service (DDoS) vulnerability in the Data Orchestration Engine (DOE) Administration Portal. The DOE is used to access the SAP NetWeaver Mobile Administrator to manage and monitor mobile system landscapes. This includes connecting mobile clients, deploying agents and packages to mobile devices, managing single sign-on, and other tasks. …
Explore Service Level Reporting in SolMan 7.2
Service Level Reporting (SLR) in SAP Solution Manager performs regular checks against key performance indicators using information available from the EarlyWatch Alert (EWA), Business Warehouse (BW) and the Computer Center Management System (CCMS). The checks can be for single systems or systems grouped into solutions. Reports run automatically on a weekly or monthly schedule but …
SAP Security Notes, January 2017
Note 2407862 deals with a highly dangerous buffer overflow vulnerability in Sybase Software Asset Management (SySAM) that scores almost 10/10 using the Common Vulnerability Scoring System. SySAM performs license management for products such as ASE, ESP, PowerDesigner and the Replication Server. The vulnerability arises from the Flexera Flexnet Publisher software bundled in SySAM. The third …
Introducing the SAP Cybersecurity Framework 4.0
Cyber attacks are at epidemic levels. According to research performed by 360 Security, there were over 85 billion attacks in 2015, equivalent to 2000 attacks per second. The cost of data breaches continues to grow, year after year, and reached record levels in 2016. Juniper Research estimate that average costs will exceed $150M within three …
RFC Hacking: How to Hack an SAP System in 3 Minutes
RFC exploits are hardly new. In fact, some of the well-known exploits demonstrated below are addressed by SAP Notes dating back several years. However, the disturbing fact is that the measures required to harden SAP systems against such exploits are not universally applied. As a result, many installations continue to be vulnerable to relatively simple …
Introducing the New Dashboard Framework for SAP Solution Manager
Earlier this year, SAP announced the general availability of Focused Insights, an enhanced dashboard framework for SAP Solution Manager. The framework was previously only available to MaxAttention customers as part of MaxAttention Next Generation Add-On (MANGO) services but is now available for all SAP customers. The dashboards aggregate real-time and historical data collected by Solution …
Securing Your Business: Security at SAP
In an open letter addressed to SAP customers earlier this year, SAP CEO Bill McDermott acknowledges the “tremendous concern around information security” given the “relentless and multiplying” threat presented by increasingly sophisticated attackers. The letter introduces the SAP paper Securing Your Business that discusses security trends and outlines SAP’s response to cyber threats. According to …
Cybercrime Projected to Reach $2 Trillion by 2019
According to a recent study from Juniper Research, the worldwide cost of data breaches will exceed $2 trillion by 2019. This is equivalent to 2.2% of forecast global GDP and represents a four-fold increase upon data breach costs in 2015. The average cost of data breaches will also increase to $150 million or 25 times …
SAP CSO Recommends Solution Manager for Security Monitoring
SAP Chief Security Officer, Justin Somaini, opened the first of a series of five webcasts from the America’s SAP User Group (ASUG) on the topic of SAP security. The series is intended to present SAP’s response to the growing concern over cybersecurity by discussing: The IT threat landscape and SAP’s approach to strategic security; Best-practices to safeguard both …
Detecting SAP Cyber Attacks with SAP Solution Manager
Despite the $75 billion spent by organizations on security software in 2015, average times to detection for cyber attacks are an astounding 170 days (DBIR, 2016). Most attacks therefore go undetected for almost six months. An incident response strategy can address this gap by enabling organizations to proactively discover and contain security incidents that could …
SAP Security Notes – August 2016
Note 2319506 addresses a blind SQL injection vulnerability in Database Monitors for Oracle. The vulnerability impacts all versions of SAP Basis and rates extremely high on the impact scale using the common vulnerability scoring system. Content-based and time-based blind SQL injection is used by attackers to determine when input is interpreted as a SQL statement. …
7 Reasons You Should Upgrade to SolMan 7.2
SAP Solution Manager (SolMan) is the epicenter of SAP implementations and the standard for monitoring and maintaining SAP landscapes. The general availability of release 7.2 in August is expected to deliver major advances in seven specific areas. The first is support for managing the implementation lifecycle of HANA and S/4HANA. SolMan 7.2 is optimized to …
Three Reasons You Should Budget for SAP Breach Costs
The average cost of a data breach has now surpassed $4 million. This is according to the latest study from the Ponemon Institute issued earlier this month. The study surveyed 383 organizations in 12 countries. It revealed that not only are data breach costs increasingly across the board, the probability that organizations will suffer a breach …
Security in SAP HANA
SAP HANA is now deployed by over 7,500 organizations worldwide. While this represents only a fraction of the 300,000 companies that use SAP software globally, adoption is growing rapidly, doubling in 2015 alone. As expected, the introduction of SAP Business Suite 4 SAP HANA (S/4HANA) has accelerated this growth by widening the use-case for SAP …
US-CERT Issues Alert for SAP Invoker Servlet Vulnerability
US-CERT published an alert yesterday to warn SAP customers of the dangers posed by the invoker servlet vulnerability in AS Java systems. According to the alert, there is evidence to suggest that SAP systems at 36 organizations have been exploited by the vulnerability. The organizations are based in the United States, United Kingdom, Germany, China, …
How to Visualize Cyber Security Risks in Your Systems with SAP Lumira
SAP Lumira can be used to access, visualize and explore data of any size from virtually any source. It enables users to build and share powerful interactive data visualizations using a simple user-friendly interface. Since Lumira can acquire data and enable users to create customized reports through self-service, it removes the need for programming, scripting …
How to Block RFC Callback Attacks in Your SAP Systems
Callback attacks exploit weaknesses in RFC security to execute function modules in calling systems. The impact of such attacks can be severe, ranging from the creation of dialog users with system-wide privileges to modifying or extracting sensitive data. This can occur if client systems execute malicious code within the function modules of connected systems. In …