A new way how to check your SAP system for vulnerabilities
Recently I started a new project called Offline Security. Offline Security is new IT Security Project like no other. It is a client-server application for analyzing the security of SAP systems. You collect all the information necessary for generating reports yourself, it’s very easy! Next, you create a request to the server and get the results of the analysis in Excel file.
The ability to analyze systems for known vulnerabilities (SAP Security Notes) is already available. To do this, you just need to unload the names of installed software components and their versions from the target SAP system. We do not collect or require you to provide us with any information that identifies you or your Company, your request is completely anonymous. Therefore, information about installed software components is not sensitive – it does not contain SAPSIDs, names, or IP addresses which can be used to attack your systems. Even if hacker can intercept somehow such data, he can’t use it: There are Softs and vulnerabilities, but how to link it with particular SAP system and company?
What you need to try is to install Python 3.x and the offlinesec_client installer available here. All detailed documentation is also available at the link. Further, as mentioned earlier, you collect the necessary information and run a script to send information to the server and then – another script to get your report. Only you can download the report using generated token, communication with server is encrypted with HTTPS.
Let’s look at the report:
The report has a sorting and filter function, also on the first page there is advanced analytics on the number of notes found and their criticality. There is always the opportunity to write about your needs and ideas to me at firstname.lastname@example.org.
I encourage you to try it – it’s absolutely free and takes only 5 minutes. In addition, you can easily compare the results with the system you use and access its effectiveness and the result quality. Offline Security Knowledge Base comprises all SAP Security Notes released in 2015 – 2023 and is regularly updated. By the way, the second Tuesday of the month is coming soon – that means that new SAP Security Notes will be published – and you need to scan your SAP systems, now an additional tool is available for you – Offline Security! Stay tuned – new versions with even more functionality will be published soon.