The following is a preview of the session "Preventing Cyber Attacks: How to Address 11 Risks That Could Leave Your SAP System Vulnerable" by Mariano Nunez of Onapsis that will be presented at GRC 2013 in Amsterdam. You can find out what the other 9 security risks are and how to address them at the event in June.
BIZEC is a non-profit organization with the mission of analyzing current and future threats affecting ERP systems.
Current initiatives covering SAP solutions:
- APP/11: The most common ABAP security issues
- TEC/11: The most common SAP Application Layer security issues
In this presentation, we will cover BIZEC TEC/11.
11 Risks Affecting the SAP Application Layer
BIZEC TEC-01: MISSING SAP SECURITY NOTES
- The SAP platform is running based on technological components whose versions are affected by reported security vulnerabilities and the respective SAP Security Notes have not been applied.
- Business Impact:
- Attackers would be able to exploit reported security vulnerabilities and perform unauthorized activities over the business information processed by the affected SAP system.
BIZEC TEC-02: STANDARD USERS WITH DEFAULT PASSWORDS
- Users created automatically during the SAP system installation or other administrative procedures are configured with default, publicly-known passwords.
- Business Impact:
- Attackers would be able to log in to the affected SAP system using a standard SAP user account. As these accounts are usually highly privileged, the business information would be exposed to espionage, sabotage, and fraud attacks.