Milky Blog

know what’s going on out there about SAP®


The most important five ABAP™ Programming Security Pitfalls

By Sükrü Birakoglu  -  January 22, 2018

The security of your ABAP™ applications begins in the minds of your developers and testers and is a central topic for IT security. In this blog article, we discuss the most important ABAP™ programming security pitfalls. Custom ABAP™ code can contain vulnerabilities that allow an attacker to access critical information in the SAP® system and take control of productive SAP® systems. The five most typical ABAP™ Custom Code Vulnerabilities are:


We wish you a cosmic Christmas

By Oliver Kirschnek  -  December 19, 2017

It has been a year of travelling at hyper-speed. But now it's time for a short stopover to give our engines and crew some well-deserved rest and dispense some credits before we travel on. So we would like to thank our customers and partners for the inspirational suggestions and the trust in our knowledge, our experience, and our staff! Your support is the force that powers us, so we decided to send our faithful customers some unique Christmas gifts.

But let's start at the beginning of the story. Early this year we decided to rebrand our website and to rethink the whole look and feel of our brand agileSI™. Long story short - a new idea was born: "Houston we have full control!"

What makes your enterprise run is the ERP. It's the core system of your sales, accounting, inventory control, R&D, HR, and management. And odds are it's based on SAP®. But is it secure? agileSI™ is the bridging technology between your SAP® system and your SIEM solution. It gives you what you most need for defending SAP®, both from outside attacks and inside corruption: transparency.

So in May 2017, we launched a new branding approach. And to match the new look and feel, we decided to take our dear customers on a trip with their own little spaceship as a Christmas gift this year. To give you personal rocket inspiration, we have packed up a spaceship with shooting capability to defend you against various attacks!

But there is more to this. You have challenged us all year with requests and suggestions, enabling us to constantly make our product better and better. To express our gratitude we hereby challenge you! We came up with an idea to give you the opportunity to secure an exceptional Christmas gift prize. (Hint: It made the Kessel Run in less than twelve parsecs!) Our challenge: Use our gift!

Take a snap of the spaceship in a cool situation and upload it to your social media account with the hashtag "#agilesirockets" or send it directly to us. It doesn't matter if you challenge your colleagues and organize a long-range shooting in your office or if you take an original selfie: The most creative picture of our spaceships in action will win our special prize. Let your inspiration take flight!


Success Story: Production of luxury items / Switzerland

By Oliver Kirschnek  -  October 20, 2017

The customer operates in the field of luxury goods production and works with valuable materials. Merchandise management and production are supported by SAP® technology. Due to the value of the products and the materials used, special safeguards specifically tailored to the task are necessary for production. Various processes have been defined and integrated into SAP® via applications. The entire process can be completely monitored in this way. These customer-specific applications produce large quantities of SAP® data, which should be used for the monitoring and quality assurance of the production process. It had to be guaranteed that this data could be analysed in real time to enable fast response times and effective, automated monitoring.


SAP® Security: Recognition of ABAP™ Code Injection - Practical but dangerous

By Christoph Aschauer  -  October 19, 2017

External SAP® tools always use functions such as "RFC_ABAP_INSTALL_AND_RUN" to enable users to execute functions and ABAP programs on SAP® systems while bypassing the transport system. This is probably also the background for the recently discovered vulnerability CVE-2016-9832 in a software product for testing user roles and rights. The risk lies in the fact that ABAP developers are responsible for authorisation checks in SAP®. This means that there is no instance between the ABAP code and the database that verifies whether an instruction is permitted. If an attacker succeeds in injecting ABAP code, then all data manipulation options become available. For example, the execution of database operations via SQL could be possible without further authorisation checks. Depending on authorisation, it is also possible to execute operating system commands, or even perform activities on remote systems if these rely on an RFC connection.

