Security

Interesting security topics

• Fun:
  • Agile scrum humor
  • Dilbert and ERP
  • Humor
•  Logging:
  • Audit logging
  • Check HTTP usage in system
  • Check RFC usage in system
  • Check SE16N usage in system
  • Table logging
• Hacking methods:
  • ABAP developer and object key hack
  • Cross client access hacking
  • Debug scripting to bypass authority checks
  • Direct table hacking
  • Information disclosure
  • Password hacking BCODE
  • Password hacking PASSCODE
  • Password hacking PWDSALTEDHASH
  • Password hacking rule based attack
  • Password hacking optimization of the attack speed
  • Password hash strengthening
  • RFC callback hacking
  • SAP logon user exit hack
  • SAP standard users
  • SAP* new method of activating
  • SE16N emergency mode
  • System hacking using RFC jump
• Interfacing:
  • RFC interfacing
  • RFC security checking
  • Web service exposing
• Role development
  • User role comparison
• SAP GUI:
  • SAP gui scripting
• Security improvements:
  • CALL TRANSACTION security
  • CVA: code vulnerability analysis
  • Delete ABAP developer keys
  • Digitally signed OSS notes
  • SAP support portal security: mail filtering
  • Security OSS notes via system recommendations
  • Security patch day
• Security review
  • SAIS_MONI: audit report on system changes
  • SAP security baseline template
  • SAP trust center
  • Security optimization service
  • S4HANA security baseline changes
• Security settings
  • Security policies in user management
  • TLS v1.2 setup
  • Transaction locking

• Table maintenance:
  • Direct maintenance vs transport
  • STDDAT: consistency check for generic table access authorization group
• Tools:
  • CUA: central user administration
  • List all user documentation
  • SAP for me
  • STAUTHTRACE: improved authorization tracing
  • STUSERTRACE: long term user authorization tracing
  • SUIM user information system
  • SUIM_CHDOC_USER: new transaction to show user changes
  • User role compression
• User measurement & licensing:
  • ABAP system license verification program
  • Developer license measurement
  • EHP switches and licenses
  • FIORI user measurement and usage
  • Indirect access license model
  • Indirect access measurement estimation tool
  • License measurement tips & tricks
  • LUI: license utilization information
  • Mass locking users and end validity date
  • Mechanics behind user measurement
  • SAP solution manager licenses
  • SAP user measurement consolidation using SLAW2
  • SAP user measurement using USMM
  • SAP user measurement using USMM2