Almost every SAP install has security holes

Founded in 1972, SAP is a leading provider of business software solutions and applications. By total market capitalization, SAP is the third largest manufacturer in the world with over 230.000 customers in more than 180 countries.

But here comes the bad news.

An impressive 95% of SAP's business software applications contain high-severity vulnerabilities that could allow them to be breached, the researchers report.

Researchers from the security company Onapsis report that attackers can target all SAP installs, execute commands with admin rights, and create J2EE backdoors.

Onapsis Managing Director Mariano Nunez says that SAP's 250.000 customers are exposed for an average of 18 months from the moment vulnerabilities are discovered, since SAP needs about 12 months to develop a patch that "fixes" them.

"The truth is that most patches that are applied are unsafe, come late or introduce code that guarantees further risks."

The Boston firm found that SAP had released 391 patches over the past few years, half of which were marked as highly s.

Nunez partly blames the SAP HANA feature for all of this; as he says, it is responsible for an increase on the order of 450% in the number of security patches.

“This trend is not only not continuing, it is getting worse with SAP HANA ... positioned at the center of the SAP ecosystem where the from SAP platforms.”

The worst of the discovered vulnerabilities have a severity level of 9,5 and affect major applications such as SAP SQL Anywhere and Sybase ESP.

"We are not just talking about the number of vulnerabilities, which is quite large, but also about the criticality," says ERPScan founder Alexander Polyakov.

Polyakov says:

"If experienced SAP developers can still leave such errors in their code, imagine what happens to SAP custom programs, and especially those outsourced to other companies. Intense competition between outsourcing companies minimizes growth time and resources, which usually has a security impact."

Polyakov has published whitepapers detailing SAP vulnerabilities, penetration testing guidelines, and defenses.

Written by Dimitris
