SAP Blogs

Security


To learn more, see the Security homepage and wiki space.

Gartner Identity & Access Management Summit in London
The Gartner Identity & Access Management Summit in London is sponsored by SAP. Kristian Lehment in Governance, Risk and Compliance, Identity Management, SAP NetWeaver Platform, Security [Feb. 09, 2012 08:13 AM | 0 Comments | Permalink]

Lessons learned from SAP GRC projects
SAP's Governance Risk and Compliance (GRC) solution has so much to offer that I can understand why some SAP customers might wonder if it is "overkill" or "too much for us." However, after several recent GRC projects, I am more convinced than ever that it has something for every SAP installation, large or small, public or privately held. I'll share some of my experiences, and you can see what you think. Gretchen Y Lindquist in Governance, Risk and Compliance, Business Process Expert, Identity Management, Security [Jan. 30, 2012 09:06 AM | 5 Comments | Permalink]

Point to Point Encryption: Do you have a Customer Service PCI Scope Problem?
Learning to protect the data that comes in through a PED (payment entry device). stephanie levine in Security [Jan. 24, 2012 12:32 AM | 0 Comments | Permalink]

Innovation Prize for SAP Labs France
SAP Labs France has won an honorable second place in the French-German Business Award 2011 in the category “Innovation”. The patrons of the award are the French Minister of Economy, Finance and Industry, François Baroin; and the German Federal Minister for Economics and Technology, Dr. Philipp Rösler. Laurent GOMEZ in SAP Research, Security, Travel and Logistics Services [Jan. 13, 2012 01:02 AM | 0 Comments | Permalink]

Assert4Soa: Advanced Security Service cERTificates for SOA
The Assert4Soa project aims at filling the gap between the need for lighter-weight, automatically processable security certificates and the current state of the practice. In order to do so, the Assert4Soa consortium is committed to producing novel techniques and tools for expressing, assessing and certifying security properties for service-oriented applications, composed of distributed software services that may dynamically be selected, assembled and replaced, and running within complex and continuously evolving software ecosystems. Antonino SABETTA in Service-Oriented Architecture, Security, SAP Research [Jan. 03, 2012 04:03 AM | 2 Comments | Permalink]

How to setup the SAP Web Dispatcher with SSL Re-encryption?
There are three different scenarios involving the SAP Web Dispatcher (WDP) and HTTPS access: SSL Termination (in the WDP), SSL Re-encryption and End to End SSL. This article will present the second scenario. Cristiano Hansen in ABAP, Application Server, Security [Dec. 30, 2011 01:37 AM | 0 Comments | Permalink]

How to setup the SAP Web Dispatcher with End-to-End SSL?
There are three different scenarios involving the SAP Web Dispatcher (WDP) and HTTPS access: SSL Termination (in the WDP), SSL Re-encryption and End-to-End SSL. This article will present the third and last scenario. Cristiano Hansen in ABAP, Application Server, Security [Dec. 29, 2011 08:56 AM | 0 Comments | Permalink]

How to setup the SAP Web Dispatcher with SSL Termination?
There are three different scenarios involving the SAP Web Dispatcher (WDP) and HTTPS access: SSL Termination (in the WDP), SSL Re-encryption and End to End SSL. This article will present the first scenario. Cristiano Hansen in ABAP, Application Server, Security [Dec. 27, 2011 11:05 PM | 5 Comments | Permalink]

How to enable SSO using X.509 client certificates in the WAS ABAP?
Instead of using the user ID and password to access a service from the Web Application Server ABAP via HTTPS, one can use a client certificate for authentication purposes. Cristiano Hansen in ABAP, Security [Dec. 25, 2011 11:05 PM | 2 Comments | Permalink]

How to create the CSR and how to import the certificate response?
The process of creating a certificate request (CSR) and importing the certificate response received from the CA is not always as simple as it looks. The objective here is to make life easier using the principle: "a picture is worth a thousand words". Cristiano Hansen in ABAP, Security [Dec. 25, 2011 11:04 PM | 1 Comments | Permalink]

How to replace the SSL server Standard PSE?
Recently CAs around the world decided to sign certificate requests with key length equal to 2048 bits. If you have a PSE with key length equal to 1024 bits, then you cannot create such a certificate request (with 2048 bits). The solution is to replace the SSL PSE and then adjust the Key Length property. Cristiano Hansen in ABAP, Security [Dec. 25, 2011 11:03 PM | 0 Comments | Permalink]

A deeper look at Sybase: Column encryption in Sybase ASE
One of the many features of Sybase ASE is the ability to encrypt individual columns of a database table. This can be used to achieve some seemingly contradictory requirements for data security, application transparency and user-friendliness. Rob Verschoor in Beyond SAP, Security [Dec. 22, 2011 02:44 PM | 0 Comments | Permalink]

New Virus Scan Interface (V2) to be available soon
SAP decided to develop the next version of the virus scan interface (known as NW-VSI) and make that available in 2012. Kristian Lehment in Application Server, Integration and Certification, SAP NetWeaver Platform, Security, Software Support and Maintenance [Dec. 21, 2011 03:35 AM | 0 Comments | Permalink]

How to export the Private Key from a SSL PSE?
There is quite often a need to export the private key from a PSE to reuse it in a different web server or other network device (e.g. a reverse proxy). You will find the steps on how to do it here. Cristiano Hansen in ABAP, Security [Dec. 18, 2011 10:51 PM | 0 Comments | Permalink]

Three major file problems MFT solves
While Managed File Transfer (MFT) has many things to offer, its greatest value can be distilled from the three most significant problems it helps eliminate. Aduncan in Best-Built Applications, Business Process Management, Governance, Risk and Compliance, Product Lifecycle Management, Security [Dec. 16, 2011 09:48 AM | 0 Comments | Permalink]

Mobility and Security: holier than thou?
A little rant about mobility and security. See Dilbert's opinion. Tom Van Doorslaer in Mobile, Ranting, Security [Dec. 16, 2011 04:25 AM | 5 Comments | Permalink]

Solution Manager System Recommendations feature review
Find out what Change Management - System Recommendations in SAP Solution Manager is about and to what extent the tool delivers added value. Tom Cenens in SAP NetWeaver Platform, SAP Solution Manager, Security [Dec. 13, 2011 10:36 AM | 4 Comments | Permalink]

Security on Netweaver 7.3 webservices
How to implement HTTP security on webservices in NW 7.3. Daniel Graversen in Security, Standards [Dec. 01, 2011 01:09 PM | 0 Comments | Permalink]

Discovering the user who imported request in an environment.
With this blog you will know which user imported a request. Bruno Xavier in ABAP, ERP, Security [Nov. 21, 2011 12:44 AM | 0 Comments | Permalink]

Using SAP Passports (X.509 client certs) in the SAP Web AS ABAP
Using X.509 client certificates (SAP Passports) provided by the SAP Trust Center Service in your SAP NetWeaver ABAP server. Christopher Leonard in ABAP, Application Server, Identity Management, Security [Oct. 28, 2011 06:10 AM | 0 Comments | Permalink]

Security management on Service-based SCM Control system
Following a series of posts on Aspect-Oriented Programming and its applications, we are presenting an idea developed in a recent publication. It shows how AOP can ease enforcement of cross-cutting concerns, with the illustration of security concerns management in service-based supply chain management systems. Gabriel SERME in SAP Research, Security, Service-Oriented Architecture [Oct. 26, 2011 06:43 PM | 0 Comments | Permalink]

Security Vulnerabilities Detection and Protection Using Eclipse
This blog entry presents an innovative security vulnerabilities detection system, using the Eclipse workbench to leverage an agile and decentralized approach in developers' day-to-day life. Gabriel SERME in SAP Research, Application Server, Eclipse, Java Programming, Security [Oct. 14, 2011 12:10 AM | 1 Comments | Permalink]

SAP GRC: The 3 stages of “Post-GRC Implementation Syndrome”
So you’re on a GRC (Governance, Risk and Compliance) project and your client turns to you and asks, “Ok, so now we’re implemented, what’s the best way to tackle these issues?” We’ve all been there. Staring at a client, wondering what is the best possible way to answer that question and replying with the most infamous line a consultant uses: … “Well, it depends.” Peter Cortes in Governance, Risk and Compliance, Professional Services, SAP Developer Network, Security [Sep. 27, 2011 05:54 PM | 0 Comments | Permalink]

Mobile Device Management - Get the low down in this Q&A session
Managing the Bring Your Own Device (BYOD) trend is a reality that many companies are starting to get to grips with, but even where employees are provided a mobile device to use, there are many challenges to take into consideration. In this blog, I wanted to start with the basics and ask some of the questions I have about Mobile Device Management (MDM). Simon Kemp in Beginner, Mobile, On Demand and Software as a Service (SaaS), Security [Sep. 27, 2011 03:44 AM | 0 Comments | Permalink]

WSNSCM'11 Workshop
We proudly organised the WSNSCM workshop related to the integration of Wireless Sensor Networks into Supply Chain Management systems. This workshop was held jointly with the NetWare conference, held in Saint Laurent du Var, France, from the 21st to the 27th of August (http://www.iaria.org/conferences2011/WSNSCM.html). Laurent GOMEZ in Security, Travel and Logistics Services [Sep. 19, 2011 11:37 AM | 0 Comments | Permalink]

Thursday at SAP TechEd
Thursday is usually a peak day at SAP TechEd, and this year was no exception. My agenda included a hands on session, an Expert Networking session, leading an Influence Council Update session, and more. Read on for the highlights. Gretchen Y Lindquist in SAP TechEd, Security [Sep. 16, 2011 07:00 AM | 0 Comments | Permalink]

Wonderful SAP GRC Wednesday at SAP TechEd 2011
Every year it seems to get more difficult to pace myself during my week at SAP TechEd. Along about Wednesday afternoon, I take a deep breath and remember that, despite that exhilarating feeling from attempting to drink from the fire hose for several days, there is still a lot of learning and networking ahead. Nevertheless, I pushed myself full throttle through a full day of SAP security and GRC learning, and a lot more. Read on for my take on Wednesday at SAP TechEd. Gretchen Y Lindquist in Governance, Risk and Compliance, SAP TechEd, Security [Sep. 15, 2011 12:58 AM | 4 Comments | Permalink]

Have it your way!
Current influence activities from customer to SAP. A partnership to improve how we use SAP. Participate at TechEd or remotely. Greg Capps in Business Intelligence (BusinessObjects), CRM, Governance, Risk and Compliance, SAP TechEd, Security [Sep. 14, 2011 01:14 PM | 2 Comments | Permalink]

Around the SAP solution map: HANA and more on Tuesday at SAPTechEd 2011
Today, Tuesday, was the first official day of SAP TechEd, and my agenda was, as usual, jam packed with learning and networking opportunities, on a wide variety of SAP solutions. Fasten your seat belt and hang on, then read on for the wild ride! Gretchen Y Lindquist in SAP TechEd, Security, SAP Network TV [Sep. 14, 2011 08:41 AM | 0 Comments | Permalink]

Advanced SAP Authorization for Global Collaboration
As companies consolidate systems and business processes in global deployment, SAP security professionals and architects are required to address a broader set of authorization requirements. This blog discusses an approach to provide fine grained authorization while ensuring sustainability. EK Koh in Aerospace and Defense, Chemicals, Enterprise Architecture, Product Lifecycle Management, Security [Sep. 14, 2011 02:02 AM | 0 Comments | Permalink]

Automatic User Review (Deactivation and Deletion)
Very generic question: how to automate the user review, deactivation and deletion process in older versions (other than NetWeaver)? Until now I was very much confused and did manual work on user audits and reviews. Whenever I wanted to get the (active) user list, I used to go to the report, prepare an Excel sheet and send the list to the concerned person to lock, deactivate and delete the user IDs in the landscape. Continuous user review is one of the key points in every audit, where there may be some misses. Finally I found a solution to automate the review and action part. For recent releases and 3rd party tools (which are supported by SAP), user review and validation is not a big deal to handle automatically. But many customers are still running their landscapes on older versions. SAP recommends running each and every landscape on the latest version, but that might not be possible all at once. At least until the upgrade, I/we can use the below process to automate the user review process. I have configured these processes in 2 different methods (one is for temp users, the second is for all non-temp users). Nick Loy in Application Lifecycle Management, Governance, Risk and Compliance, Idea Place, Security [Sep. 12, 2011 12:18 AM | 0 Comments | Permalink]

Security at TechEd
Worried about the application security of your entire system landscape? Kristian Lehment in Governance, Risk and Compliance, Identity Management, SAP TechEd, Security [Sep. 11, 2011 06:34 PM | 0 Comments | Permalink]

SAP GRC: Risky Times call for "Back to Basics" for Businesses
Let’s take a look at the times we are in. Turbulent times will cause new risks to arise, so it can never hurt to strengthen risk management policy by remembering some basic principles of organizational risk management. Peter Cortes in Financial Excellence, Governance, Risk and Compliance, Professional Services, SAP Developer Network, Security [Sep. 05, 2011 07:13 AM | 0 Comments | Permalink]

Bringing Down The House
Did you know they were out there? Are you going to let them in? We all have choices which impact the security of our environments. With shock presenters providing steps to hack into SAP applications, you should work on a defense that includes a review of security notes. Greg Capps in Governance, Risk and Compliance, Ranting, Security, Software Support and Maintenance [Sep. 04, 2011 01:42 PM | 6 Comments | Permalink]

What security and compliance professionals can learn at SAP TechEd
If you are still on the fence about attending SAP TechEd in Las Vegas this year, or are not sure if there will be enough content worth your time in the Security, Compliance, Access and Identity Management track, let me assure you that there will be more than enough learning opportunities to fill your week. Read on for the scoop. Gretchen Y Lindquist in Governance, Risk and Compliance, Identity Management, SAP TechEd, Security [Aug. 24, 2011 08:27 AM | 0 Comments | Permalink]

BPC 10 for NetWeaver Authentication Scenarios
One of the major differences in BPC 10 for NetWeaver from previous releases is that all client to server traffic from the EPM Add-In (Office client) and Web client goes through NetWeaver's WAS (Web Application Server) as opposed to the .NET server. Since the web server performs authentication services, this change brings new options and security considerations to the table. This blog highlights the supported authentication mechanisms in this new release. Daniel Settanni in Business Process Expert, Enterprise Performance Management, Security [Aug. 17, 2011 01:59 PM | 0 Comments | Permalink]

Chem XML Message eStandards and CIDX Scenario Part III
In my earlier blogs, efforts were made to explain CIDX standards and how to design and configure the objects to support CIDX communication. I would like to make your experience with CIDX communication pleasant and fruitful through this blog. This blog covers the intricate details regarding security and certificates through simple steps, focusing on PI 7.1. Suraj Pabbathi in SAP Process Integration (PI), Security [Aug. 15, 2011 09:59 PM | 0 Comments | Permalink]

SAP Security at the Black Hat conference #sapadmin
Hype about Security vulnerabilities is damaging, because it focuses attention on inappropriate areas. However, SAP produces a lot of very complex code, and while they test the products as much as they can, security vulnerabilities do exist in shipped products. Martin English in Business Solutions, ERP, Ranting, SAP NetWeaver Platform, Security [Aug. 05, 2011 06:00 AM | 6 Comments | Permalink]

Four Myths of a SAP GRC Implementation
When senior management announces that your business will be going through a large scale IT implementation, it is normally as welcome as a trip to the dentist. This is especially true when going through not only an IT implementation, but one that is supposed to identify and solve risk and control issues throughout your entire business. Yes, I’m talking about Governance, Risk and Compliance (GRC). Peter Cortes in Governance, Risk and Compliance, SAP Developer Network, Security [Aug. 04, 2011 06:05 AM | 0 Comments | Permalink]

Impact of Maintaining Debug Users in BPC NW
This blog details the impacts due to debug user maintained in BPC NW system. G.Vijaya Kumar in Business Process Expert, Enterprise Performance Management, Security [Jul. 26, 2011 08:22 AM | 0 Comments | Permalink]

Innovation in GRC: Friend or Foe when it comes to Risk Management and Efficiency?
The mere topic of innovation seems to have a watered down meaning in today’s economy. When asked, everyone says it’s important but then most businesses’ funding priorities don’t reflect that thought. Companies want innovation. They want a better way of doing business; they want operations streamlined, efficient, and compliant, along with any other ‘buzz’ word that comes to mind. However, seldom do you hear about businesses taking a proactive approach when it comes to meeting these demands. Decision makers tell managers to be “Lean” and cut costs and oh, by the way, don’t forget to stay innovative and keep our competitive edge. Peter Cortes in Governance, Risk and Compliance, SAP Developer Network, Security, Standards [Jul. 25, 2011 09:36 PM | 0 Comments | Permalink]

Café Innovation – Smartphones on the battlefield?
The notion of “business as usual” is changing. Use of smartphones might become mainstream in organizations that have traditionally sought to be cautious about adopting commercial communication technology. This should be an indication to organizations hesitating to adopt mobility that the world around them continues to change rapidly. They need to embark on their own mobility journey sooner rather than later. Puneet Suppal in Business Process Expert, Defense, Mobile, Public Sector, Security [Jul. 21, 2011 02:29 PM | 0 Comments | Permalink]

SAP Security for dummy ABAP developers: False believes
Blog about the false beliefs of ABAP developers about security. Gold Otto in ABAP, Beginner, Security [Jul. 17, 2011 05:46 AM | 5 Comments | Permalink]

SAP Security for dummy ABAP developers: Opening
Brief overview of what one can do to produce more secure development and the way I learnt about it. Gold Otto in ABAP, Beginner, Security [Jul. 14, 2011 04:22 AM | 5 Comments | Permalink]

RESCUEIT at Seagital
SAP Research presented the RESCUEIT prototype at the Seagital Conference. Seagital is gathering international maritime professionals and innovative software companies. RESCUEIT is the first French German research project, funded by ANR and BMBF, in the scope of the secure supply chain management system. 8 academic and industrial partners are involved in RESCUEIT, together with end-users such as REWE, Kuhne and Nagel, Dr Oectker, Groupe Casino, Baam, Eisbar. Laurent GOMEZ in ERP, Security, Travel and Logistics Services [Jul. 07, 2011 11:28 AM | 8 Comments | Permalink]

Extracting content from a P7M file
Decrypting PKCS7 signed files. Paolo Romano in Code Exchange, Security, Service-Oriented Architecture [Jun. 26, 2011 01:36 AM | 2 Comments | Permalink]

Relax - the 1980's all over again - with Mobile Devices
It's the 1980's all over again except end users are deploying mobile handheld solutions instead of PC's. Workers are buying their own equipment and bringing it to work with them. Professionals in IT need to secure, control, and monitor the wild collection of BlackBerry, iPAD, iPOD, Android, Smartphones, PlayBooks and Tablets. Consumers are bringing them to work, and it's out of control. SAP Sybase Afaria to the rescue! Whether it's in the office, the store, the warehouse, or on the road, users want instant access to apps and information. Colin Haig in Mobile, Retail, Security, Software Support and Maintenance, Wholesale Distribution [Jun. 16, 2011 09:40 AM | 2 Comments | Permalink]

Recent Security Discussions

Set parameter clockskew
Posted on Feb. 10, 2012 08:01 AM
by Dimitar Mihaylov
Hi, The clock skew tolerance is fixed to 5 minutes and cannot be changed in the...

Awesome Blog!
Posted on Feb. 06, 2012 09:03 AM
by suvonkar
Hi Gretchen, Lovely blog. It’s great to know about your experience with vario...

Access Control and SAP GRC
Posted on Feb. 06, 2012 02:19 AM
by Kunal Kant
Yes agree with Gretchen here that post the integration of GRC AC & PC in 10.0 th...

GRC makes it easy to communicate security
Posted on Feb. 05, 2012 08:39 PM
by Frank Koehntopp
Hi Gretchen, great blog, thank you. GRC AC projects are a great way to get cu...

Access Control and SAP GRC
Posted on Jan. 31, 2012 07:58 AM
by Gretchen Y Lindquist
Norman, So far I have just worked on Access Control, but I look forward to futu...

Access Control and SAP GRC
Posted on Jan. 31, 2012 07:36 AM
by Norman Marks
Gretchen, thanks for sharing your great experience with clients. Has that extend...

Not working
Posted on Jan. 12, 2012 01:39 AM
by K.Ranft
Hi, i've changed the XML file and i've added a folder with the custom error mes...

great work
Posted on Jan. 09, 2012 09:27 AM
by Antonino SABETTA
Thanks Gabriel for your comment. (I tried to reply earlier to your comment, b...

great work
Posted on Jan. 04, 2012 06:36 AM
by Gabriel SERME
Hi, thanks to let us know the status of the project. It seems to progress. A...

No switch to HTTPS....
Posted on Dec. 29, 2011 12:19 AM
by Olivier CHRETIEN
Hello Cristiano, Then there is a miracle on my ECC6 EHP4 system using Web Dis...

Keep the blogs coming
Posted on Dec. 28, 2011 07:23 AM
by Cristiano Hansen
Olá Tobias. Obrigado for your words. I intend to show typical scenarios of us...

No switch to HTTPS....
Posted on Dec. 28, 2011 07:21 AM
by Cristiano Hansen
Salut Olivier, I am sorry, but the assumption that both parameters can preven...

Keep the blogs coming
Posted on Dec. 28, 2011 05:59 AM
by Tobias Hofmann
SAP Web Dispatcher is one of the solutions that help you run your infrastructure...

No switch to HTTPS....
Posted on Dec. 28, 2011 02:33 AM
by Olivier CHRETIEN
Hello, To avoid the warning message "No switch to HTTPS..." on the login page...

Real life
Posted on Dec. 26, 2011 07:41 AM
by Cristiano Hansen
Salut Olivier, I intend to write another blog about this different scenario. ...