SAP NetWeaver Application Server for Java

The SAP Web Dispatcher is a reverse proxy designed to work best with other SAP software solutions. While there exist many reverse proxy solutions from various software vendors out there, the SAP Web Dispatcher is maintained and supported by SAP, is... Read More »

Many years ago SAP deprecated the SAPCRYPTOLIB and introduced the CommonCryptoLib (CCL) as its successor. The CCL is not only a replacement for its predecessor but also for OpenSSL, which was used for example by SAP HANA in its early days (and up to... Read More »

In the previous blog posts, we have introduced profile data analyzer to analyze the profiling data (e.g. the ABAP trace, and the Java *.prf file), and how to use it to understand the program logic to support the performance tuning or other... Read More »

The enqueue log analyzer is a lightweight Java tool used to analyze the SAP enqueue logs. It provides answers to common Enqueue problems and saves your time during root cause analysis for Enqueue issues. In this blog post, I would like to share the... Read More »

About This Page We’d like to use this blog post to track the changes for profile data analyzer which is a standalone tool to systematically analyze issues from profiling data files (profiling files from SAP JVM Profiler or ABAP Runtime Analysis)... Read More »

SAP Host Agent, also known as SAPHostControl, offers web methods as SOAP Web Services to perform certain task on a host. The last security issue regarding a web method in SAP Host Agent dates back to 2017. Almost all documentations and write-ups... Read More »

SAP Instance Agent, also known as SAP Start Service or SAPStartSrv, offers web methods as SOAP Web Services to control a SAP instance. By default some of these web methods can be executed without prior authentication. This means every client with... Read More »

From my experience the RFC Gateway security is for many SAP Administrators still a not well understood topic. As a result many SAP systems lack for example of proper defined ACLs to prevent malicious use. After an attack vector was published in the... Read More »

From my experience the RFC Gateway security is for many SAP Administrators still a not well understood topic. As a result many SAP systems lack for example of proper defined ACLs to prevent malicious use. After an attack vector was published in the... Read More »

From my experience the RFC Gateway security is for many SAP Administrators still a not well understood topic. As a result many SAP systems lack for example of proper defined ACLs to prevent malicious use. After an attack vector was published in the... Read More »