
Milky Blog

know what’s going on out there about SAP®


The most important five ABAP™ Programming Security Pitfalls

By Sükrü Birakoglu  -  January 22, 2018

The security of your ABAP™ applications begins in the minds of your developers and testers and is a central topic for IT security. In this blog article, we discuss the most important ABAP™ programming security pitfalls. Custom ABAP™ code can contain vulnerabilities that allow an attacker to access critical information in the SAP® system and take control of productive SAP® systems. The five most typical ABAP™ Custom Code Vulnerabilities are:


We wish you a cosmic Christmas

By Oliver Kirschnek  -  December 19, 2017

It has been a year of travelling at hyper-speed. But now it's time for a short stopover to give our engines and crew some well-deserved rest and dispense some credits before we travel on. So we would like to thank our customers and partners for the inspirational suggestions and the trust in our knowledge, our experience, and our staff! Your support is the force that powers us, so we decided to send our faithful customers some unique Christmas gifts.

But let's start at the beginning of the story. Early this year we decided to rebrand our website and to rethink the whole look and feel of our brand agileSI™. Long story short - a new idea was born: "Houston we have full control!" What makes your enterprise run is the ERP. It's the core system of your sales, accounting, inventory control, R&D, HR, and management. And odds are it's based on SAP®. But is it secure? agileSI™ is the bridging technology between your SAP® system and your SIEM solution. It gives you what you most need for defending SAP®, both from outside attacks and inside corruption: transparency.

So in May 2017, we launched a new branding approach. And to match the new look and feel, we decided to take our dear customers on a trip with their own little spaceship as a Christmas gift this year. To give you personal rocket inspiration, we have packed up a spaceship with shooting capability to defend you against various attacks!

But there is more to this. You have challenged us all year with requests and suggestions, enabling us to constantly make our product better and better. To express our gratitude we hereby challenge you! We came up with an idea to give you the opportunity to secure an exceptional Christmas gift prize. (Hint: It made the Kessel Run in less than twelve parsecs!)

Our challenge: Use our gift! Take a snap of the spaceship in a cool situation and upload it to your social media account with the hashtag "#agilesirockets" or send it directly to us. It doesn't matter if you challenge your colleagues and organize a long-range shooting in your office or if you take an original selfie: The most creative picture of our spaceships in action will win our special prize. Let your inspiration take flight!


Success Story: Production of luxury items / Switzerland

By Oliver Kirschnek  -  October 20, 2017

The customer operates in the field of luxury goods production and works with valuable materials. Merchandise management and production are supported by SAP® technology. Due to the value of the products and the materials used, special safeguards specifically tailored to the task are necessary for production. Various processes have been defined and integrated into SAP® via applications. The entire process can be completely monitored in this way. These customer-specific applications produce large quantities of SAP® data, which should be used for the monitoring and quality assurance of the production process. It had to be guaranteed that this data could be analysed in real time to enable fast response times and effective, automated monitoring.


SAP® Security: Recognition of ABAP™ Code Injection - Practical but dangerous

By Christoph Aschauer  -  October 19, 2017

External SAP® tools always use functions such as "RFC_ABAP_INSTALL_AND_RUN" to enable users to execute functions and ABAP™ programs on SAP® systems while bypassing the transport system. This is probably also the background for the recently discovered vulnerability CVE-2016-9832 in software for testing user roles and rights. The risk lies in the fact that ABAP™ developers are responsible for authorisation checks in SAP®. This means that there is no instance between the ABAP™ code and the database that verifies whether an instruction is permitted. If an attacker succeeds in injecting ABAP™ code, then all data manipulation options become available. For example, the execution of database operations via SQL could be possible without further authorisation checks. Depending on authorisation, it is also possible to execute operating system commands, or even perform activities on remote systems if these rely on an RFC connection.


Monitoring of SAP® HANA: full view instead of blind spot.

By Jan Klemenz  -  October 19, 2017

Since the introduction of SAP® HANA a few years ago, its importance in various operating processes has been continually increasing. In the financial and analytics sectors especially, the demand for SAP's in-memory database is growing disproportionately fast. This success can be explained by the increase in performance achieved by SAP® HANA compared to traditional databases such as DB2. The gain in performance is achieved by dispensing with hard disk space during data manipulation. The data is held in main memory during processing and is periodically written back to the hard disk. In addition to the advantages offered by SAP® HANA, there are also hidden risks involved in applying new techniques. The company-critical data that SAP® HANA databases contain, especially in the financial and analytics sectors, is also a dream destination for hackers. Evidence of this development is the increasing number of system patches provided by SAP®, which are intended to close vulnerabilities. This also shows that SAP® is increasingly attracting the attention of attackers.

