Alexander Polyakov's Blog (25)

SAP NetWeaver ABAP Security Configuration Part 3: Unnecessary Functionality

Third critical area. Unnecessary functionality

What is the most common problem of any more or less complex application? In essence, they almost always have numerous unnecessary functions aimed to perform multiple tasks. 

Obviously, that makes the whole system vulnerable. The more functionality is available, the greater the number of vulnerabilities. "Complexity Kills Security"

More importantly, all those functions are enabled by default right from the…


Added by Alexander Polyakov on February 11, 2015 at 3:33pm — No Comments

SAP NetWeaver ABAP security configuration part 2: Default passwords for access to the application

Second critical category. Default passwords for access to the application



For the two previous weeks we’ve been discussing the top-9 critical areas and the 33 steps to be taken for security assessment. Ultimately, we’ve covered patch management flaws - the first critical category in our list. As you have probably guessed, today it’s time to take a closer look at the next item from our list of critical issues - default passwords.

It is a wide reaching…


Added by Alexander Polyakov on February 2, 2015 at 9:30pm — No Comments

SAP NetWeaver ABAP Security Configuration Part 1: Patch Management

First critical issue. Patch management flaws

In our previous articles we’ve already introduced you to the list of the 9 most important business application security critical issues. We’ve also had a chance to present to you the skeleton of our guideline with its 33 security assessment steps. As you’ve seen only the skeleton of it, now it’s high time to pay attention to a more detailed explanation of each step to be taken.

In order to ensure full-scale system security it…


Added by Alexander Polyakov on January 26, 2015 at 10:00pm — No Comments

Guideline for Secure Configuring SAP NetWeaver ABAP

With this article we are starting a new series of guidelines describing some basic assessment procedures one can carry out on various business applications that would help security professionals to expand their ERP systems’ immunity to attacks.

As we all know, ERP systems such as SAP may favour the quality of management of all the information and resources involved in a company's operations.

However, while ERP applications promote the way business processes are organized, they…


Added by Alexander Polyakov on December 8, 2014 at 2:00pm — No Comments

Why current SAP Security Guides Always Provide So Little Help?

This article will be about different guidelines that can help to secure your SAP system. But nothing to worry about - this post will nevertheless remain useful and interesting, even if it does not contain information about 0-days or have words like “cyber” or “weapon” in the title. So, let’s go.

This blog post will be about a new guideline, or standard, for securing - or testing the security of - SAP implementations, which is going to be the first standard of the EAS-SEC standard…


Added by Alexander Polyakov on December 3, 2014 at 7:30pm — No Comments
