Santa was not the only one handling orders for presents…
The past year is a thing of the past and according to a survey conducted by Adobe, 51 percent of Germans intended to order all their gifts online. A majority of respondents cited low prices as the main reason for this mania for online shopping. But what about the orders your company places? Are they […]
Duplicate Payments: I want my money back!
Duplicate payments are always a hot topic. Due to poor organization, invoices being paid twice is something that happens over and over again. Even in well-defined organizations, duplicate payments occur again and again when the volume of transactions is high. In this blog post, I will explain some advanced methods for detecting duplicate payments in […]
Two is always better than one – except when it comes to master data!
Master data controls all business processes. If master data is not maintained correctly, errors are “passed on” to business transactions and something is pretty much guaranteed to go wrong as a result. Similar problems arise if master data in SAP is not unique because duplicate entries exist. This blog post explains what the specific problems […]
Using data analysis to uncover fraud
Over the past few weeks, we have looked at weak password hashes in SAP in quite some detail. Having previously already presented a conceivable scenario for exploiting such a vulnerability, as well as a guide to hacking weak password hashes and the measures to be taken to protect against it, in this blog post, we […]
4½ procedures for preventing weak password hashes in SAP
Of course, we don’t want to leave you out in the cold after the scenario we described last week and the kind of heavy financial losses that can be occurred as a result. For this reason, in this blog post, we will describe how the SAP ICS can be used to take preventive action, or […]
Shockheaded (Hash) Peter: If you play with fire,…
…you will get burned. That is pretty much how you could sum up the lesson to be drawn from the scenario we are going to describe below. If you are aware of the risk of using weak password hashes and do nothing, you shouldn’t be surprised by the damage that can result. The following story […]
It’s Data Science Time: Share your audit challenges with us!
“We interrupt the current program for an important announcement.” When you hear a sentence like that on the radio or television these days, you usually don’t have a very good feeling at first. This time, however, we would ask you to hear us out. Perhaps you have had the impression for some time that your […]
The ones which fall through the net: plausibility and SAP security
In some areas of process standardization, compliance and correctness or access restrictions, it is sometimes quite difficult, if not impossible, to assign them to one of the classic processes of purchasing, sales or fixed assets. However, this does not mean that audit questions such as superuser activities, separation of duty conflicts or weekend bookings are […]
zap Audit investigates: Could an imprisonable offence have been avoided?
In Hamburg, a decision was made at the beginning of the year about a particularly serious case of embezzlement and forgery. We looked into the case and came to the conclusion that a company could have discovered the fraud itself with the help of zap Audit. How? That’s what we are going to explain in […]
Dr. Strangelove or: How I Learned to Hack SAP Passwords
Having covered the system-wide profile parameters necessary for assigning passwords in SAP in our last blog post, we are now going to “get our hands dirty” and show you, step-by-step, how insecure password hashes can be cracked in SAP. Where can I find the password hashes in SAP? As already mentioned in the previous blog […]