Blogs by Alexander Polyakov

US-CERT alert on SAP Cyberattack On May 11, 2016, the Department of Homeland Security published the first-ever US-CERT Alert for cybersecurity of SAP business applications. Nonetheless, what we do know from public sources is that

Welcome to the second part of SAP Security for CISO series. This time, we will speak about SAP in particular and start from SAP Security for beginners. So, what is SAP? First of all, SAP

Last month, ISACA released the 4th edition of their book Security, Audit and Control Features SAP ERP. The previous version was published in 2009. Some updates include detailed security guides for assessing different SAP business

Hello, dear readers. Recently we finished our series of articles on how to secure SAP systems from XSS vulnerabilities. Having had great success with the previous series, I decided to launch another series of

Today’s post is the last in the series of articles about XSS vulnerabilities in SAP systems. The previous parts describe how to prevent XSS in SAP NetWeaver ABAP and SAP NetWeaver J2EE. XSS is one

From the developer’s perspective For AS Java, the encoding is available as tc_sec_csi.jar. There is a static class and an interface which provides the encodings for HTML/XML, JavaScript, CSS and URL. Also it is available

We continue our series of posts reviewing one of the most frequent vulnerabilities affecting a lot of SAP modules: cross-site scripting, or XSS. Today’s post describes how to protect SAP NetWeaver

The ERPScan team’s core purpose is to take the definition of SAP security one step further by providing its own guidelines to help SAP users carry out various security checks. We have covered: 9

In our previous article we’ve already covered how SAP ABAP Security Storage works. Today’s post is dedicated to SAP HANA Security Storage. SAP HANA is a recent key product of SAP. It is a software

Here is the list of themes we have covered in previous articles: the 9 most important business application security critical issues [1], patch management flaws [2], default passwords for access to the application [3], unnecessary