SAP Security Tips and Tricks, Trouble shooting problems, applying sap notes, support packages, upgradation, tweaks, audit, day to day jobs, security consultants’ activities etc.
Unpacking SAP Support packages (SAR/CAR) during SAP upgrades takes a lot of time and manual effort. Find out how a simple batch script can automate and unpack hundreds of SAP Support Packages in seconds.
This short blog gives an overview on how Security in SAP BW, Enterprise Portal and SAP HR is different from SAP R/3 Security.
All spool requests created after 2009/12/23 with deletion date exceeding 2010/01/01 are wrongly Y2K’ed as 2099/12/31 or 2100/01/01 regardless of their retention period specified during creation. These spool requests will not be deleted if the spool reorg job RSPO0041 or RSPO1041 is executed with a variant that selects requests according to their deletion data, and [...]
This blog lists some of the most important and highly recommended SAP Security Notes. Please consult with a security expert or a basis specialist before implementing these security notes.
A new user interface for monitoring operating system environment has been introduced by SAP, in my opinion it’s way better than ST06 or OS07
Given are a few guidelines for an effective SAP Portal implementation. Stay tuned for the amudee.com security series, a lot more to come..
During an SAP Portal Security review, I came across a scenario where HTTPOnly flag in session cookie was not set. Please checkout the recommendation given in this short blog.
In my earlier blog, I had promised to cover some of the most critical security issues that you may face sooner or later. So here are some pointers for you to re-evaluate your SAP Portal implementation and fix the significant issues before someone else breaks-in. Here is a POC with some snapshots.
In this series of blogs, I will be focusing more on the core SAP security, Portal, Netweaver and some other topics like XSS, So keep watching the space.
I recently came across a forged twitter website which is currently active and may cause severe damage to your online identity and privacy. This kind of attack is conducted for the purposes of information or identity theft.
SAP SDN Contributions
Recent Comments