
Milky Blog

know what’s going on out there about SAP®


SAP® Security: Recognition of ABAP™ Code Injection - Practical but dangerous

By Christoph Aschauer  -  October 19, 2017

External SAP® tools always use functions such as "RFC_ABAP_INSTALL_AND_RUN" to enable users to execute functions and ABAP™ programs on SAP® systems while bypassing the transport system. This is probably also the background to the recently discovered vulnerability CVE-2016-9832 in a software product for testing user roles and rights. The risk lies in the fact that ABAP™ developers are responsible for authorisation checks in SAP®. This means that there is no layer between the ABAP™ code and the database that verifies whether an instruction is permitted. If an attacker succeeds in injecting ABAP™ code, all data manipulation options become available. For example, database operations could be executed via SQL without further authorisation checks. Depending on authorisation, it is also possible to execute operating system commands, or even perform activities on remote systems if these rely on an RFC connection.


Monitoring of SAP® HANA: full view instead of blind spot.

By Jan Klemenz  -  October 19, 2017

Since the introduction of SAP® HANA a few years ago, its importance in various operating processes has been continually increasing. In the financial and analytics sectors especially, the demand for SAP's in-memory database is growing disproportionately fast. This success can be explained by the increase in performance achieved by SAP® HANA compared to traditional databases such as DB2. The gain in performance is achieved by avoiding the hard disk during data manipulation: the data is held in main memory during processing and is periodically written back to hard disk. Alongside the advantages offered by SAP® HANA, there are also hidden risks involved in applying new techniques. The company-critical data that SAP® HANA databases contain, especially in the financial and analytics sectors, are also a dream destination for hackers. Evidence of this development is the increasing number of system patches that SAP® provides to close vulnerabilities. This also shows that SAP® is attracting more and more attention from attackers.
