Thank You!
We have received your request for a demo of our software. We will contact you within 1-2 business days to schedule the demonstration.
While you wait for the demonstration, here are some recently published articles speaking to securing your SAP systems.
SAP Vulnerability Assessment vs Penetration Testing
Vulnerability assessment and penetration testing both serve important functions for protecting business applications against security threats. The approaches are complementary but should be deployed sequentially. Penetration testing against systems and applications that have not been hardened based on the results of vulnerability assessments is inadvisable since the results are predictable. The objective of penetration testing …
SAP Security Notes, August 2019
Hot News Note 2800779 patches a remote code execution vulnerability in the SAP NetWeaver UDDI Server. The vulnerability carries a CVSS score of 9.9/10 and could be exploited to take complete control of the Services Registry, including viewing, changing, or deleting data by injecting code into the working memory which is subsequently executed by the …
SAP Security Notes, July 2019
Hot News Note 2808158 patches a critical code injection vulnerability in the SAP Diagnostics Agent. The Agent is required to monitor operating systems and discover the database cluster topology from SAP Solution Manager. It is not required for monitoring the security of SAP systems with Solution Manager. Security-relevant data is collected or monitored primarily through …
Monitoring Security Alerts with SAP Solution Manager
There are several apps available in SAP Solution Manager for monitoring security alerts for SAP systems. The most longstanding is the Alert Inbox which provides an overview of alerts by process area. Guided procedures for investigating security alerts are executed from the Alert Inbox. Another option is System Monitoring which provides a more user-friendly interface …
Recommended Settings for SAP Logging and Auditing
The Cybersecurity Extension for SAP Solution Manager monitors SAP event logs to automatically detect and alert for indicators of compromise. The monitoring interval can be customized for each security metric based on risk and sizing. An interval of 60 seconds, for example, can support real-time threat detection. However, real-time detection is only useful when supported …
SAP Security Notes, June 2019
Note 2748699 provides instructions for securing the credentials of the standard user SM_EXTERN_WS in SAP Solution Manager. SM_EXTERN_WS is used by CA Introscope Enterprise Manager (EM) to collect monitoring metrics from mainly non-ABAP components in SAP landscapes. The metrics are collected via the Introscope Push web service. The credentials for SM_EXTERN_WS including the automatically generated …
Webinar Playback: Holistic SAP Cybersecurity with CVA & SolMan
Watch the playback of this month’s webinar to learn how you can implement holistic cybersecurity for your SAP systems with Code Vulnerability Analyzer and Solution Manager. CVA performs static code analysis to detect vulnerabilities in custom code. SAP Solution Manager detects vulnerabilities and threats in SAP systems including components such as the gateway server, message server …
SAP Security Notes, May 2019
Note 1408081 was updated in May in response to the recent 10KBLAZE exploits targeting vulnerabilities in the gateway server. The note includes revised instructions for maintaining access control lists in the gateway security files reg_info and sec_info for different kernel versions. The access control lists should be configured to control external server registrations and program …
10KBLAZE: Secure Your Systems with SAP Solution Manager
On May 2, the Department of Homeland Security issued an alert for SAP customers in response to the disclosure of new exploits targeting vulnerable SAP components. According to some reports, the so-called 10KBLAZE exploits could impact 90% of SAP installations worldwide. The exploits target misconfigurations in the gateway server and message server installed in most …
Webinar: 10KBLAZE – Secure Your SAP Systems with CVA and SolMan
According to a recent report, thousands of SAP installations may be vulnerable to 10KBLAZE exploits targeting SAP applications. Join SAP and Layer Seven Security to learn how to secure your SAP systems against the exploits with SAP Code Vulnerability Analyzer (CVA) and SAP Solution Manager. CVA performs static code analysis to detect vulnerabilities in custom …
SAP Security Notes, April 2019
Note 2747683 patches a vulnerability in the signature security mechanism of the Adapter Engine in SAP NetWeaver Process Integration (PI). The vulnerability could enable attackers to spoof XML signatures and send arbitrary requests to the server via PI Axis adapter. Such requests will be accepted by the PI Axis adapter even if the payload has …
Securing Administrative Access in SAP AS Java
The misuse of administrative privileges is a common method used by attackers to compromise applications and propagate attacks to connected systems. The elevated privileges granted to administrative accounts are a prized target for attackers and provide a fast path to accessing or modifying sensitive data, programs and system settings. User privileges for Java applications are …
SAP Security Notes, March 2019
Note 2764283 addresses an XML External Entity vulnerability in SAP HANA extended application services (XS), advanced. HANA XS does not sufficiently validate an XML document accepted from an authenticated developer with privileges to the SAP space. Successful exploitation of the vulnerability could lead to the leading of arbitrary files in SAP servers or denial of …
Code Vulnerability Management with SAP Solution Manager
Custom Code Management (CCM) in SAP Solution Manager can enable you to take control of custom developments by providing transparency into custom objects in your SAP systems and analyzing the usage of custom code. It can also provide insights into security vulnerabilities in custom objects and packages. CCM provides an overview of the custom developments …
SAP Security Notes, February 2019
Hot News Note 2742027 patches a critical broken authentication check in SAP HANA Extended Application Services, advanced model. The vulnerability could lead to unauthorized administrative access and the exfiltration, modification or deletion of sensitive data in HANA XS. The vulnerability carries a CVSS score of 9.4/10. It ranks relatively low in terms of attack complexity …
Cyber Espionage Warning: 30% Growth in Targeted Attacks
The findings of the annual Internet Security Threat Report indicate that the number of organizations targeted by advanced hacking groups increased by almost one third between 2015 and 2018. The groups have not only substantially increased their cyber-espionage operations, they are also deploying increasingly sophisticated tactics against a growing number of sectors. National hacking groups such …
SAP Security Notes, January 2019
Hot News Note 2696233 deals with multiple vulnerabilities in the SAP Cloud Connector. The Connector is an agent that connects on premise systems with applications operating on the SAP Cloud Platform. The agent supports HTTP, RFC, JDBC/ODBC and other connections between on-premise and cloud installations using reverse invoke without requiring inbound ports to be opened …
Database Security with the Cybersecurity Extension for SAP
Protecting SAP systems against cyber threats requires integrated measures applied not just within the SAP layer but across the technology stack including network, operating system, and database components. As repositories of business-critical and sensitive information, databases warrant specific attention for hardening and monitoring efforts. This includes identifying and addressing configuration weaknesses, excessive privileges, and weak …
SAP Security Notes, December 2018
Hot News Note 2711425 patches a critical Cross-Site Scripting (XSS) vulnerability in SAP Hybris Commerce storefronts. The vulnerability could be exploited by attackers to modify web content and compromise user-related authentication data. It affects versions 6.2 through 6.7 and 18.08 of SAP Hybris Commerce, including all but the latest patch releases. The vulnerability carries a …
Layer Seven Security Recognized as an SAP Cybersecurity Leader
Layer Seven Security has been named as the leading SAP cybersecurity provider in the 2018 Top 10 SAP Solution Providers. According to the source of the study, Layer Seven Security provide a “unique and innovative approach to securing business-critical SAP systems against cyber threats”. The study recognizes Layer Seven as an “innovative force in the …
Webinar Recording: Security Analytics with SAP Web Intelligence
Watch the webinar replay to learn how to visualize security risks in your SAP systems using interactive reports in SAP Web Intelligence. Powered by the BusinessObjects platform, Web Intelligence connects directly to data sources in SAP Solution Manager to convey system vulnerabilities, missing security notes and open alerts using dynamic charts and graphs and detailed …
SAP Security Notes, November 2018
Hot News Note 2622660 includes critical security updates for web browser controls delivered with SAP Business Client. The Client provides a unified environment for SAP applications including Fiori, SAP GUI, and Web Dynpro. It supports browser controls from Internet Explorer (IE) and Chrome for displaying HTML content. Security corrections for the WebBrowser control of the …
Webinar: Security Analytics with SAP Web Intelligence
Thu, Dec 13, 2018 11:00 AM – 12:00 PM EST Learn how to visualize security risks in your SAP systems using interactive reports in SAP Web Intelligence. Powered by the BusinessObjects platform, Web Intelligence connects directly to data sources in SAP Solution Manager to convey system vulnerabilities, missing security notes and open alerts using dynamic …
Secure, Patch & Respond: Security Analytics with SAP Web Intelligence
SAP Web Intelligence enables users to visualize and manage security risks in SAP systems using interactive reports delivered through an intuitive web interface. Powered by the BusinessObjects platform, Web Intelligence connects directly to data sources in SAP Solution Manager to convey system vulnerabilities, missing security notes and open alerts using dynamic charts and graphs and …