sitNL 2012
Ciber, Eindhoven, December 8, 2012
Agenda

• Introduction
• SAP Security in the news
• So how about SAP and Security, Some myths...
• SAP Security, the problem...
• Why bother?
• Show me the money!!!
• How to be safe instead of sorry
• Bizec
© 2012 ERP Security                                2
Introduction

Who am I
• SAP Technology specialist for profit and fun
• SAP Security researcher for fun (not for profit)
• Reported over 30 vulnerabilities to SAP Security team
• Co-founder ERP Security

http://scn.sap.com/docs/DOC-8218
We’ve all seen these...

But this is rather new...
So how about SAP and Security
Some myths...

Technical risks in SAP are basically the same as for other IT systems, except that the value of the
data stored in SAP is often much higher. Yet SAP Security is still mainly related to Segregation of Duties.

Why? Some myths
• SAP platforms are only accessible internally
• SAP is expensive, so it must be secure
• SAP Security = Segregation of Duties
• SAP systems are not targeted by hackers
• SAP Security is SAP’s problem
• We are compliant, so we are secure
SAP Security
The problem...

The Problem
• Lack of awareness with customers
• Lack of time with customers
• High complexity
• Lack of budget
• Lack of good figures
• Too much focus on SoD
• Built on a code base dating back to the 80’s / 90’s
• Often more than 6-12 months behind with patches
• By default many security features are switched OFF
• ...

[Chart: Number of released SAP Security Notes per year, 2001 to 2012; y axis 0 to 1000]
Note 1: value for 2012 is linearly extrapolated from 01.10.2012
Note 2: December 2010 is excluded due to a one-time release of 500+ notes
Why bother?
The Obvious...

Why bother about SAP Security?
• To prevent losing business!!!
• To prevent bad PR
• To prevent losing customer confidence
• To prevent legal prosecution
• To be in control
• To prevent costs of incident handling

Why bother about SAP Platform Security?
• Because SoD can be easily bypassed
• Often leaving no traces on SAP level
Show me the money!!!

Some more examples of what might happen when you don’t secure your systems enough:
• Execution of OS commands
• Creating admin users
• ...
How to be safe instead of sorry

SAP Infrastructure security needs to be addressed holistically:
• Remember there is no silver bullet
• SAP Infrastructure security is complex and involves many disciplines, so first take a step back, analyze the current state of your landscape, do risk assessments, make a plan, execute it and keep on working on it.
• Get all parties involved: think about responsible people from Business, Risk management, Security Officers, DB team, OS team, Network team, SAP Basis team, SoD team, etc.
• Teach / train users and administrators, work on general security awareness
• Control the process, stay up-to-date, evaluate periodically.
• Security is a process, not a state*! Embed it in the organization.

* Bruce Schneier
How to be safe instead of sorry II

Some key takeaways:
• Patch regularly (duh...). Do this for GUI components, DB, OS, SAP and network
• Use e.g. the System Recommendations application (in SAP Solution Manager) to track the SAP Security Notes that apply to your systems
• Take a look at the SAP Security guides that are relevant for you
• Read the security whitepapers
• At least close down some high risk components like the gateway, unnecessary SICF services, etc. (See the guide)
• Check RSUSR003 and get rid of DEFAULT passwords
• Regularly review your landscape, don’t forget the open source tools
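The takeaways above, together with the earlier observation that many security features are switched OFF by default, come down to one recurring job: finding the profile switches that are still at their permissive values. As an added example for this deck (not ERP Security’s or SAP’s code), the Python script below parses an SAP instance profile in its plain name = value format and checks a handful of security-relevant parameters against a hardening baseline. The parameter names are real SAP profile parameters; the sample profile is constructed, and the baseline thresholds are assumptions for illustration, so take the authoritative values from the SAP security guides mentioned above.

```python
"""Baseline check of security-relevant SAP profile parameters.

Added example, not ERP Security's or SAP's code. Parameter names are real SAP
profile parameters; the baseline values are illustrative assumptions, the
authoritative ones come from the SAP security guides for your release.
"""
from dataclasses import dataclass
from typing import Callable, List, Optional

# Constructed sample instance profile, not taken from any real system. It mimics
# a freshly installed ABAP system whose security switches are still permissive.
SAMPLE_PROFILE = """\
# Instance profile (constructed sample)
SAPSYSTEMNAME = PRD
INSTANCE_NAME = DVEBMGS00
login/min_password_lng = 6
login/password_expiration_time = 0
login/no_automatic_user_sapstar = 0
rdisp/gui_auto_logout = 0
gw/acl_mode = 0
auth/rfc_authority_check = 0
rsau/enable = 0
"""


@dataclass(frozen=True)
class Rule:
    param: str                            # SAP profile parameter name
    ok: Callable[[Optional[str]], bool]   # True when the value meets the baseline
    expected: str                         # baseline, in words, for the report
    why: str                              # the risk left open when the rule fails


@dataclass(frozen=True)
class Finding:
    param: str
    actual: Optional[str]                 # None when the parameter is not set at all
    expected: str
    why: str


def _as_int(value: Optional[str], default: int = -1) -> int:
    """Parse a profile value as int; unset or non-numeric values fail numeric rules."""
    try:
        return int(value)
    except (TypeError, ValueError):
        return default


# Illustrative baseline (assumption, see module docstring).
RULES: List[Rule] = [
    Rule("login/min_password_lng", lambda v: _as_int(v) >= 8,
         ">= 8", "short passwords are cheap to guess"),
    Rule("login/password_expiration_time", lambda v: 1 <= _as_int(v) <= 90,
         "1..90 days", "0 means passwords never expire"),
    Rule("login/no_automatic_user_sapstar", lambda v: _as_int(v) == 1,
         "1", "0 re-enables the hard-coded SAP* fallback login"),
    Rule("rdisp/gui_auto_logout", lambda v: _as_int(v) > 0,
         "> 0 seconds", "0 keeps idle GUI sessions open indefinitely"),
    Rule("gw/acl_mode", lambda v: _as_int(v) == 1,
         "1", "with 0 and no ACL files the gateway defaults are permissive"),
    Rule("gw/sec_info", lambda v: bool(v),
         "path to the secinfo ACL", "no ACL for starting external programs via the gateway"),
    Rule("gw/reg_info", lambda v: bool(v),
         "path to the reginfo ACL", "no ACL for registering RFC servers at the gateway"),
    Rule("auth/rfc_authority_check", lambda v: _as_int(v) >= 1,
         ">= 1", "0 skips the S_RFC authorization check for RFC calls"),
    Rule("rsau/enable", lambda v: _as_int(v) == 1,
         "1", "Security Audit Log off: incidents leave no traces on SAP level"),
]


def parse_profile(text: str) -> dict:
    """Parse SAP profile lines ('name = value', '#' comments) into a dict.

    Later lines win, so parse the default profile first and the instance
    profile second to obtain the effective value of each parameter.
    """
    params = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, value = line.split("=", 1)
        params[name.strip()] = value.strip()
    return params


def audit_profile(params: dict, rules: List[Rule] = RULES) -> List[Finding]:
    """Return one Finding per rule the profile fails; unset parameters fail too."""
    return [
        Finding(r.param, params.get(r.param), r.expected, r.why)
        for r in rules
        if not r.ok(params.get(r.param))
    ]


def report(findings: List[Finding]) -> str:
    """Render findings one per line for a quick read during a review."""
    if not findings:
        return "no deviations from baseline"
    return "\n".join(
        f"{f.param}: is {f.actual if f.actual is not None else '<not set>'}, "
        f"want {f.expected} ({f.why})"
        for f in findings
    )


if __name__ == "__main__":
    print(report(audit_profile(parse_profile(SAMPLE_PROFILE))))
```

Run it over the default profile and the instance profile in that order so the effective value is what gets judged; note that an unset parameter is reported as a finding on purpose, because the gateway ACL files are exactly the kind of control that is absent until someone creates them. The script only reads profile files, so it complements, rather than replaces, RSUSR003 for default passwords and System Recommendations for missing notes.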




Bizec

The main goals of BIZEC are:
• Raising awareness, demonstrating that ERP security must be analyzed holistically.
• Analyzing current and future threats affecting these systems.
• Serving as a unique central point of knowledge and reference in this subject.
• Providing experienced feedback to global organizations, helping them to increase the security of their business-critical information.
• Organizing events with the community to share and exchange information.

Join & contribute! www.bizec.org
Questions?
Need more info?
Contact us...

More information
• See http://www.erp-sec.com

Contact me on
• jvdvis@erp-sec.com
• @jvis
Disclaimer

SAP, R/3, ABAP, SAP GUI, SAP NetWeaver and other SAP products and services mentioned herein as well
as their respective logos are trademarks or registered trademarks of SAP AG in Germany and other
countries.

All other product and service names mentioned are the trademarks of their respective companies. Data
contained in this document serves informational purposes only.

The authors assume no responsibility for errors or omissions in this document. The authors do not warrant
the accuracy or completeness of the information, text, graphics, links, or other items contained within this
material. This document is provided without a warranty of any kind, either express or implied, including but
not limited to the implied warranties of merchantability, fitness for a particular purpose, or non-infringement.

The authors shall have no liability for damages of any kind including without limitation direct, special, indirect,
or consequential damages that may result from the use of this document.

SAP AG is neither the author nor the publisher of this publication and is not responsible for its content, and
SAP Group shall not be liable for errors or omissions with respect to the materials.

No part of this document may be reproduced without the prior written permission of ERP Security BV.
© 2012 ERP Security BV.


Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
 
Contemporary Economic Issues Facing the Filipino Entrepreneur (1).pptx
Contemporary Economic Issues Facing the Filipino Entrepreneur (1).pptxContemporary Economic Issues Facing the Filipino Entrepreneur (1).pptx
Contemporary Economic Issues Facing the Filipino Entrepreneur (1).pptx
 
Kenya Coconut Production Presentation by Dr. Lalith Perera
Kenya Coconut Production Presentation by Dr. Lalith PereraKenya Coconut Production Presentation by Dr. Lalith Perera
Kenya Coconut Production Presentation by Dr. Lalith Perera
 
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
 
Buy gmail accounts.pdf Buy Old Gmail Accounts
Buy gmail accounts.pdf Buy Old Gmail AccountsBuy gmail accounts.pdf Buy Old Gmail Accounts
Buy gmail accounts.pdf Buy Old Gmail Accounts
 
8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCR8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCR
 
Digital Transformation in the PLM domain - distrib.pdf
Digital Transformation in the PLM domain - distrib.pdfDigital Transformation in the PLM domain - distrib.pdf
Digital Transformation in the PLM domain - distrib.pdf
 
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
 
8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCR8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCR
 

Sitnl 2012 erp security

  • 1. sitNL 2012. Ciber, Eindhoven, December 8, 2012
  • 2. Agenda: • Introduction • SAP Security in the news • So how about SAP and Security, some myths... • SAP Security, the problem... • Why bother? • Show me the money!!! • How to be safe instead of sorry • Bizec. © 2012 ERP Security
  • 3. Introduction. Who am I: • SAP Technology specialist for profit and fun • SAP Security researcher for fun (not for profit) • Reported over 30 vulnerabilities to the SAP Security team • Co-founder ERP Security. http://scn.sap.com/docs/DOC-8218
  • 4. We’ve all seen these...
  • 5. But this is rather new...
  • 6. So how about SAP and Security. Some myths.... Technical risks in SAP are basically the same as for other IT systems, except that the value of the data stored in SAP is often much higher. Yet SAP Security is still mainly related to Segregation of Duties. Why? Some myths: • SAP platforms are only accessible internally • SAP is expensive, so it must be secure • SAP Security = Segregation of Duties • SAP systems are not targeted by hackers • SAP Security is SAP’s problem • We are compliant, so we are secure
  • 7. SAP Security. The problem... [Chart: number of released SAP Security Notes per year, 2001-2012, y-axis 0 to 1000. Note 1: the value for 2012 is linearly extrapolated from 01.10.2012. Note 2: December 2010 is excluded due to a one-time release of 500+ notes.] The problem: • Lack of awareness with customers • Lack of time with customers • High complexity • Lack of budget • Lack of good figures • Too much focus on SoD • Built on a code base from the 80’s / 90’s • Often more than 6-12 months behind with patches • By default many security features are switched OFF • ...
  • 8. Why bother? The obvious... Why bother about SAP Security? • To prevent losing business!!! • To prevent bad PR • To prevent losing customer confidence • To prevent legal prosecution • To be in control • To prevent the costs of incident handling. Why bother about SAP Platform Security? • Because SoD can be easily bypassed • Often leaving no traces on SAP level
  • 9. Show me the money!!! Some more examples of what might happen when you don’t secure your systems enough: • Execution of OS commands • Creating admin users • ...
  • 10. How to be safe instead of sorry. SAP infrastructure security needs to be addressed holistically: • Remember there is no silver bullet • SAP infrastructure security is complex and involves many disciplines, so first take a step back, analyze the current state of your landscape, do risk assessments, make a plan, execute it and keep working on it • Get all parties involved: think about responsible people from Business, Risk management, Security Officers, DB team, OS team, Network team, SAP Basis team, SoD team, etc. • Teach / train users and administrators, work on general security awareness • Control the process, stay up-to-date, evaluate periodically • Security is a process, not a state*! Embed it in the organization. (* Bruce Schneier)
  • 11. How to be safe instead of sorry II. Some key takeaways: • Patch regularly (duh...), and do this for GUI components, DB, OS, SAP and network • Use e.g. the System Recommendations for SAP Security Notes • Take a look at the SAP Security guides that are relevant for you • Read the security whitepapers • At least close down some high-risk components like the gateway, unnecessary SICF services, etc. (see the guide) • Check RSUSR003 and get rid of DEFAULT passwords • Regularly review your landscape, and don’t forget the open source tools
  • 15. Disclaimer SAP, R/3, ABAP, SAP GUI, SAP NetWeaver and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and other countries. All other product and service names mentioned are the trademarks of their respective companies. Data contained in this document serves informational purposes only. The authors assume no responsibility for errors or omissions in this document. The authors do not warrant the accuracy or completeness of the information, text, graphics, links, or other items contained within this material. This document is provided without a warranty of any kind, either express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, or non-infringement. The authors shall have no liability for damages of any kind including without limitation direct, special, indirect, or consequential damages that may result from the use of this document. SAP AG is neither the author nor the publisher of this publication and is not responsible for its content, and SAP Group shall not be liable for errors or omissions with respect to the materials. No part of this document may be reproduced without the prior written permission of ERP Security BV. © 2012 ERP Security BV. © 2012 ERP Security 15