Search

Managing SAP roles can be incredibly complex and time-consuming for security teams. Often short-staffed and under time constraints, security admins are under a lot of pressure to ensure that roles are designed, developed, documented, modified, and provisioned in a timely manner. The process is particularly challenging for teams relying on manual role management processes. Not…

As part of the ERP audit process, your auditors will test the general controls in your ERP system. The objectives of General Computing Controls (GCC), also known as IT General Controls (ITGC) are to ensure: Access Management Risks and Controls One of the biggest risks to the integrity of ERP systems is that users may…

For most organizations, access certification is a routine exercise. But that does not make it any easier, especially if you are doing it manually. From the moment your review campaign starts, it’s usually a long and tedious process that involves creating spreadsheets that list users and their current roles, mailing these spreadsheets to all the…

When we think of threat management, we often assume that the most dangerous security threats come from external sources. All too often, we not only underestimate the likelihood of insider threats, but also the potential damage they can cause. Insider threat involves malicious activity within an organization that’s typically carried out by a current or…

SAP application breaches are more common than you might think, and one of the prime causes is unsecured ABAP code. Backdoors can creep into your code, either intentionally planted by malicious actors or through outdated, obsolete code and configuration errors. Such backdoors can become embedded in the massive number of ABAP code lines necessary for…

In the complex world of SAP enterprise systems, an underestimated security threat often slips under our notice – the RFC (Remote Function Call) callback attack. This exploit has particular relevance to SAP due to the nature of inter-system communication. In this article, we’ll unpack RFC callback exploits, their potential dangers, and how Pathlock can help…

The Pathlock Innovation Series (running 6/26-6/28) is a free, virtual event that will address today’s most critical challenges related to application governance, risk and compliance DALLAS, June 20, 2023 – Pathlock, the leading provider of cross-app internal controls automation, risk management and application security, announces the latest installment of the Pathlock Innovation Series. The free,…

SAP applications are crucial to business operations and, therefore, prime targets for cyber threats. Traditional IT security measures often prove insufficient, highlighting the urgent need for dedicated SAP vulnerability management and threat detection processes. In this article, we explore these strategies and use the analogy of securing an office building to demonstrate their necessity. Vulnerability…

SAP environments rely heavily on transports, which serve as a means of transferring changes between systems, implementing new functions, performing patches and updates, and installing third-party applications. Transports are crucial for effective change management processes in SAP. However, assessing their security risks across multiple SAP systems residing in complex, hybridized environments can be a challenge….