Thank You!

Thank you for contacting Layer Seven Security. We will respond to your request in 1-2 business days.

Here are some recently published articles speaking to securing your SAP systems.

SAP Security Notes, June 2018

Posted on
Hot News Note 2622660 includes critical security updates for web browser controls delivered with SAP Business Client. The Client provides a unified environment for SAP applications including Fiori, SAP GUI, and Web Dynpro.  It supports browser controls from Internet Explorer (IE) and Chrome for displaying HTML content. Security corrections for the WebBrowser control of the …
Read Article SAP Security Notes, June 2018

U.S Treasury Sanctions ERPScan

Posted on
Earlier this week, the United States Treasury issued an Executive Order to prohibit U.S organizations from engaging with ERPScan, a subsidiary of Digital Security and a provider of security software and services for SAP systems. According to a press release issued by the Treasury, Digital Security “provided material and technological support to Russia’s Federal Security …
Read Article U.S Treasury Sanctions ERPScan

Top Five Tips for System Recommendations

Posted on
System Recommendations in SAP Solution Manager connects directly to SAP Support for real-time patch updates. It also connects to each system within SAP landscapes to monitor patch levels. SysRec downloads corrections for security vulnerabilities from SAP Support to each system and integrates with other areas in Solution Manager for change impact analysis, change management, and …
Read Article Top Five Tips for System Recommendations

SAP Security Notes, May 2018

Posted on
SAP released an update for Hot News Note 2357141 which addresses a critical OS command injection vulnerability in the terminology export report program of  SAPterm (transaction STERM). STERM is used to search SAP-delivered terminology and create and maintain customer-specific terminology. TERM_EXCEL_EXPORT is a standard executable program that enables users to export terminology repositories to Excel. …
Read Article SAP Security Notes, May 2018

Monitoring the SAProuter with SAP Solution Manager

Posted on
The SAProuter performs a pivotal role in SAP landscapes by filtering SAP traffic using a more granular approach than is possible with conventional network-level firewalls. As a stand-alone program, it is commonly installed in DMZ servers that support network services rather than SAP applications. The SAProuter is often targeted by attackers given it’s function as …
Read Article Monitoring the SAProuter with SAP Solution Manager

SAP Security Notes, April 2018

Posted on
Hot News Note 2622660 includes critical security updates for web browser controls delivered with SAP Business Client. The Client provides a unified environment for SAP applications including Fiori, SAP GUI, and Web Dynpro.  It supports browser controls from Internet Explorer (IE) and Chrome for displaying HTML content. Security corrections for the WebBrowser control of the …
Read Article SAP Security Notes, April 2018

GDPR Compliance with SAP Solution Manager 7.2

Posted on
The General Data Protection Regulation (GDPR) will be enforceable throughout the European Union in less than a month. The regulation specifies how personal data should be managed and applies to organizations that collect data on EU citizens, regardless of whether or not they are located within the EU. GDPR requirements include data protection measures to …
Read Article GDPR Compliance with SAP Solution Manager 7.2

SAP Security Notes, March 2018

Posted on
Note 2331141 addresses a high-risk SQL injection vulnerability in the FI Localization tables of S/4HANA. The corrections included in the support packages listed in the note will enable screening of user input for dangerous SQL statements. The formula expressions delivered in Note 2261750 are a prerequisite for user input validation checks delivered via the note. …
Read Article SAP Security Notes, March 2018

Monitor Dangerous Function Module Calls with SAP Solution Manager

Posted on
SAP systems operate in highly interconnected landscapes integrated by numerous interfacing technologies.  The most common interface technology is the RFC protocol. The RFC protocol enables remote-enabled function modules (RFMs) to be called in remote systems. Some RFMs can be exploited to perform dangerous, administrative commands in target systems. For example, the function module BAPI_USER_CREATE can …
Read Article Monitor Dangerous Function Module Calls with SAP Solution Manager

SAP Security Notes, February 2018

Posted on
Note 2589129 addresses multiple high-risk vulnerabilities in HANA Extended Services Advanced (XSA) Server. XSA provides a development and runtime platform for HANA applications. XSA delivers improved reliability and scalability over HANA XS by providing separate runtime environments for applications. Applications operate in trust zones known as spaces. Applications deployed to the same space can share …
Read Article SAP Security Notes, February 2018

Webinar: Threat Detection with SAP Solution Manager 7.2

Posted on
How does Solution Manager perform threat detection for SAP systems? What type of events are detected? Which logs are monitored? Is this real-time or near-time monitoring?  Do you receive email and SMS notifications for alerts? How do you prevent alert flooding? How do you use guided procedures for alert handling and forensic investigations? Is it …
Read Article Webinar: Threat Detection with SAP Solution Manager 7.2

SAP Security Notes, January 2018

Posted on
Note 2580634 provides instructions for removing a malicious file insertion vulnerability in the Process Control and Risk Management applications of SAP Governance, Risk and Compliance (GRC). The vulnerability could be exploited to upload malicious scripts or other forms of malware to SAP servers. The note includes manual instructions for implementing package GRFN_DOCUMENT_ WT_CHECK of the …
Read Article SAP Security Notes, January 2018

SAP Security Notes, December 2017

Posted on
SAP issued an important update for Hot News Note 2371726 originally released in November 2016. The note addresses a code injection vulnerability in Text Conversion which enables SAP standard text to be replaced by industry specific text. Function module BRAN_DIR_CREATE in Text Conversion enables an authenticated development user to inject operating system commands and execute …
Read Article SAP Security Notes, December 2017

SAP Solution Manager is ITIL-Certified for Information Security Management

Posted on
The SAP Integration and Certification Center (ICC) has been validating and certifying solutions from partners and software vendors for over twenty years. The certifications provided by the ICC are based on rigorous testing and enable customers to invest with confidence in technologies that integrate with SAP solutions. This includes technologies that support security scenarios such …
Read Article SAP Solution Manager is ITIL-Certified for Information Security Management

SAP Security Notes, November 2017

Posted on
Note 2357141 includes updated instructions for removing a critical OS command injection vulnerability in Report for Terminology Export. This is a component of the Basis area Terminology and Glossary (transaction STERM) used to maintain standard terminology for management reporting, financial controlling, product development, and other areas.  Report for Terminology Export does not sufficiently validate user …
Read Article SAP Security Notes, November 2017

5 Common Myths for Security Monitoring with SAP Solution Manager

Posted on
Does Solution Manager have a complex installation process? Is it difficult to maintain? Does it create dangerous connections with SAP systems? Is it a high value target for attackers? Does it provide no support for zero-day vulnerabilities? This article tackles the five most common myths about SAP Solution Manager and reveals the truth behind the …
Read Article 5 Common Myths for Security Monitoring with SAP Solution Manager

Featured in SAPinsider: Secure Your SAP Landscapes with SAP Solution Manager 7.2

Posted on
Firewalls, intrusion detection systems, and antivirus solutions may not protect SAP systems against advanced cyberattacks. However, this does not necessarily mean that SAP customers have to license third-party vulnerability scanning or threat detection solutions to deal with the risk. The answer to their security questions may be closer than they realize. Bundled with standard and …
Read Article Featured in SAPinsider: Secure Your SAP Landscapes with SAP Solution Manager 7.2

SAP Security Notes, October 2017

Posted on
SAP issued an important update for Hot News Note 2371726 originally released in November 2016. The note addresses a code injection vulnerability in Text Conversion which enables SAP standard text to be replaced by industry specific text. Function module BRAN_DIR_CREATE in Text Conversion enables an authenticated development user to inject operating system commands and execute …
Read Article SAP Security Notes, October 2017

SAP Security Notes, September 2017

Posted on
Note 2408073 prepares systems to handle digitally signed SAP Notes. Digitally signed Notes will be issued by SAP in the future to protect against the risk of uploading Notes containing malware.  Digital signatures will support authentication and the identification of changes performed by attackers to SAP-delivered Notes.  SAP recommends only uploading digital signed Notes once …
Read Article SAP Security Notes, September 2017

Equifax Data Breach: Attackers Exploited an Unapplied Security Patch, not a Zero-Day Vulnerability

Posted on
On September 15, Equifax released a statement to confirm the initial attack vector that led to the compromise of personal information relating to 143 million consumers in the US, UK and Canada targeted an Apache Struts vulnerability within a web application that supports the organization’s online dispute portal. The patch for the vulnerability had been …
Read Article Equifax Data Breach: Attackers Exploited an Unapplied Security Patch, not a Zero-Day Vulnerability

SAP Security Notes, August 2017

Posted on
Note 2381071 patches a critical cross-site Ajax vulnerability in the Prototype JS library of BusinessObjects. Ajax is a method often used by JavaScripts to exchange data between servers and clients to update parts of web pages without refreshing or reloading entire pages.  This minimizes network bandwidth usage and also improves response times through rapid operations. …
Read Article SAP Security Notes, August 2017

Discover Vulnerable System Connections with Interface Monitoring

Posted on
Interface Monitoring provides the answer to one of the most vexing questions in SAP security: where are our vulnerable cross-system connections and how do we monitor them to ensure they’re not abused by attackers? Although Interface Monitoring, also known as Interface Channel Monitoring or ICMon, has been available in SAP Solution Manager since version 7.10 …
Read Article Discover Vulnerable System Connections with Interface Monitoring

SAP Security Notes, July 2017

Posted on
Note 2442993 deals with a high-risk vulnerability in the Host Agent for SAP HANA. The Host Agent is automatically installed with every SAP instance on NetWeaver 7.02 and higher. The stand-alone component is used for controlling and monitoring SAP and non-SAP instances, databases and operating systems. Note 2442993 recommends upgrading to version 7.21 PL25 to …
Read Article SAP Security Notes, July 2017