Thank You!
Thank you for contacting Layer Seven Security. We will respond to your request in 1-2 business days.
Here are some recently published articles speaking to securing your SAP systems.
SAP Security Notes, June 2018
Hot News Note 2622660 includes critical security updates for web browser controls delivered with SAP Business Client. The Client provides a unified environment for SAP applications including Fiori, SAP GUI, and Web Dynpro. It supports browser controls from Internet Explorer (IE) and Chrome for displaying HTML content. Security corrections for the WebBrowser control of the …
U.S Treasury Sanctions ERPScan
Earlier this week, the United States Treasury issued an Executive Order to prohibit U.S organizations from engaging with ERPScan, a subsidiary of Digital Security and a provider of security software and services for SAP systems. According to a press release issued by the Treasury, Digital Security “provided material and technological support to Russia’s Federal Security …
Top Five Tips for System Recommendations
System Recommendations in SAP Solution Manager connects directly to SAP Support for real-time patch updates. It also connects to each system within SAP landscapes to monitor patch levels. SysRec downloads corrections for security vulnerabilities from SAP Support to each system and integrates with other areas in Solution Manager for change impact analysis, change management, and …
SAP Security Notes, May 2018
SAP released an update for Hot News Note 2357141 which addresses a critical OS command injection vulnerability in the terminology export report program of SAPterm (transaction STERM). STERM is used to search SAP-delivered terminology and create and maintain customer-specific terminology. TERM_EXCEL_EXPORT is a standard executable program that enables users to export terminology repositories to Excel. …
Monitoring the SAProuter with SAP Solution Manager
The SAProuter performs a pivotal role in SAP landscapes by filtering SAP traffic using a more granular approach than is possible with conventional network-level firewalls. As a stand-alone program, it is commonly installed in DMZ servers that support network services rather than SAP applications. The SAProuter is often targeted by attackers given it’s function as …
SAP Security Notes, April 2018
Hot News Note 2622660 includes critical security updates for web browser controls delivered with SAP Business Client. The Client provides a unified environment for SAP applications including Fiori, SAP GUI, and Web Dynpro. It supports browser controls from Internet Explorer (IE) and Chrome for displaying HTML content. Security corrections for the WebBrowser control of the …
GDPR Compliance with SAP Solution Manager 7.2
The General Data Protection Regulation (GDPR) will be enforceable throughout the European Union in less than a month. The regulation specifies how personal data should be managed and applies to organizations that collect data on EU citizens, regardless of whether or not they are located within the EU. GDPR requirements include data protection measures to …
SAP Security Notes, March 2018
Note 2331141 addresses a high-risk SQL injection vulnerability in the FI Localization tables of S/4HANA. The corrections included in the support packages listed in the note will enable screening of user input for dangerous SQL statements. The formula expressions delivered in Note 2261750 are a prerequisite for user input validation checks delivered via the note. …
Monitor Dangerous Function Module Calls with SAP Solution Manager
SAP systems operate in highly interconnected landscapes integrated by numerous interfacing technologies. The most common interface technology is the RFC protocol. The RFC protocol enables remote-enabled function modules (RFMs) to be called in remote systems. Some RFMs can be exploited to perform dangerous, administrative commands in target systems. For example, the function module BAPI_USER_CREATE can …
SAP Security Notes, February 2018
Note 2589129 addresses multiple high-risk vulnerabilities in HANA Extended Services Advanced (XSA) Server. XSA provides a development and runtime platform for HANA applications. XSA delivers improved reliability and scalability over HANA XS by providing separate runtime environments for applications. Applications operate in trust zones known as spaces. Applications deployed to the same space can share …
Webinar: Threat Detection with SAP Solution Manager 7.2
How does Solution Manager perform threat detection for SAP systems? What type of events are detected? Which logs are monitored? Is this real-time or near-time monitoring? Do you receive email and SMS notifications for alerts? How do you prevent alert flooding? How do you use guided procedures for alert handling and forensic investigations? Is it …
SAP Security Notes, January 2018
Note 2580634 provides instructions for removing a malicious file insertion vulnerability in the Process Control and Risk Management applications of SAP Governance, Risk and Compliance (GRC). The vulnerability could be exploited to upload malicious scripts or other forms of malware to SAP servers. The note includes manual instructions for implementing package GRFN_DOCUMENT_ WT_CHECK of the …
SAP Security Notes, December 2017
SAP issued an important update for Hot News Note 2371726 originally released in November 2016. The note addresses a code injection vulnerability in Text Conversion which enables SAP standard text to be replaced by industry specific text. Function module BRAN_DIR_CREATE in Text Conversion enables an authenticated development user to inject operating system commands and execute …
SAP Solution Manager is ITIL-Certified for Information Security Management
The SAP Integration and Certification Center (ICC) has been validating and certifying solutions from partners and software vendors for over twenty years. The certifications provided by the ICC are based on rigorous testing and enable customers to invest with confidence in technologies that integrate with SAP solutions. This includes technologies that support security scenarios such …
SAP Security Notes, November 2017
Note 2357141 includes updated instructions for removing a critical OS command injection vulnerability in Report for Terminology Export. This is a component of the Basis area Terminology and Glossary (transaction STERM) used to maintain standard terminology for management reporting, financial controlling, product development, and other areas. Report for Terminology Export does not sufficiently validate user …
5 Common Myths for Security Monitoring with SAP Solution Manager
Does Solution Manager have a complex installation process? Is it difficult to maintain? Does it create dangerous connections with SAP systems? Is it a high value target for attackers? Does it provide no support for zero-day vulnerabilities? This article tackles the five most common myths about SAP Solution Manager and reveals the truth behind the …
Featured in SAPinsider: Secure Your SAP Landscapes with SAP Solution Manager 7.2
Firewalls, intrusion detection systems, and antivirus solutions may not protect SAP systems against advanced cyberattacks. However, this does not necessarily mean that SAP customers have to license third-party vulnerability scanning or threat detection solutions to deal with the risk. The answer to their security questions may be closer than they realize. Bundled with standard and …
SAP Security Notes, October 2017
SAP issued an important update for Hot News Note 2371726 originally released in November 2016. The note addresses a code injection vulnerability in Text Conversion which enables SAP standard text to be replaced by industry specific text. Function module BRAN_DIR_CREATE in Text Conversion enables an authenticated development user to inject operating system commands and execute …
SAP Security Notes, September 2017
Note 2408073 prepares systems to handle digitally signed SAP Notes. Digitally signed Notes will be issued by SAP in the future to protect against the risk of uploading Notes containing malware. Digital signatures will support authentication and the identification of changes performed by attackers to SAP-delivered Notes. SAP recommends only uploading digital signed Notes once …
Monitor Table Access with SAP Solution Manager
There has never been a greater need to monitor access to sensitive data in SAP systems. SAP data is increasingly accessible from access points outside network perimeters. Data in SAP systems is also targeted by attackers for cybercrime and corporate espionage. This article demonstrates how you can use SAP Solution Manager to detect and contain …
Equifax Data Breach: Attackers Exploited an Unapplied Security Patch, not a Zero-Day Vulnerability
On September 15, Equifax released a statement to confirm the initial attack vector that led to the compromise of personal information relating to 143 million consumers in the US, UK and Canada targeted an Apache Struts vulnerability within a web application that supports the organization’s online dispute portal. The patch for the vulnerability had been …
SAP Security Notes, August 2017
Note 2381071 patches a critical cross-site Ajax vulnerability in the Prototype JS library of BusinessObjects. Ajax is a method often used by JavaScripts to exchange data between servers and clients to update parts of web pages without refreshing or reloading entire pages. This minimizes network bandwidth usage and also improves response times through rapid operations. …
Discover Vulnerable System Connections with Interface Monitoring
Interface Monitoring provides the answer to one of the most vexing questions in SAP security: where are our vulnerable cross-system connections and how do we monitor them to ensure they’re not abused by attackers? Although Interface Monitoring, also known as Interface Channel Monitoring or ICMon, has been available in SAP Solution Manager since version 7.10 …
SAP Security Notes, July 2017
Note 2442993 deals with a high-risk vulnerability in the Host Agent for SAP HANA. The Host Agent is automatically installed with every SAP instance on NetWeaver 7.02 and higher. The stand-alone component is used for controlling and monitoring SAP and non-SAP instances, databases and operating systems. Note 2442993 recommends upgrading to version 7.21 PL25 to …