
GRC 2013 Amsterdam Presentation Tip - Cyber Attacks!

by Matthew Moore

April 16, 2013

The following is a preview of the session "Preventing Cyber Attacks: How to Address 11 Risks That Could Leave Your SAP System Vulnerable" by Mariano Nunez of Onapsis that will be presented at GRC 2013 in Amsterdam. You can find out what the other 9 security risks are and how to address them at the event in June.


BIZEC is a non-profit organization with the mission of analyzing current and future threats affecting ERP systems.

Current initiatives covering SAP solutions:

  • APP/11: The most common ABAP security issues
  • TEC/11: The most common SAP Application Layer security issues
In this presentation, we will cover BIZEC TEC/11.

11 Risks Affecting the SAP Application Layer

BIZEC TEC-01: MISSING SAP SECURITY NOTES
  • Risk:
    • The SAP platform is running based on technological components whose versions are affected by reported security vulnerabilities and the respective SAP Security Notes have not been applied
  • Business Impact:
    • Attackers would be able to exploit reported security vulnerabilities and perform unauthorized activities over the business information processed by the affected SAP system

BIZEC TEC-02: STANDARD USERS WITH DEFAULT PASSWORDS
  • Risk:
    • Users created automatically during the SAP system installation or other administrative procedures are configured with default, publicly-known passwords
  • Business Impact:
    • Attackers would be able to log in to the affected SAP system using a standard SAP user account. As these accounts are usually highly privileged, the business information would be exposed to espionage, sabotage, and fraud attacks.


For more information, visit the GRC 2013 website or follow me @mattmoorewis
