4½ procedures for preventing weak password hashes in SAP

Of course, we don’t want to leave you out in the cold after the scenario we described last week and the kind of heavy financial losses that can be incurred as a result. For this reason, in this blog post, we will describe how the SAP ICS can be used to take preventive action, or […]
Shockheaded (Hash) Peter: If you play with fire,…

…you will get burned. That is pretty much how you could sum up the lesson to be drawn from the scenario we are going to describe below. If you are aware of the risk of using weak password hashes and do nothing, you shouldn’t be surprised by the damage that can result. The following story […]
The ones which fall through the net: plausibility and SAP security

Some areas of process standardization, compliance and correctness, or access restrictions are quite difficult, if not impossible, to assign to one of the classic processes of purchasing, sales or fixed assets. However, this does not mean that audit questions such as superuser activities, separation of duty conflicts or weekend bookings are […]
Dr. Strangelove or: How I Learned to Hack SAP Passwords

Having covered the system-wide profile parameters necessary for assigning passwords in SAP in our last blog post, we are now going to “get our hands dirty” and show you, step-by-step, how insecure password hashes can be cracked in SAP. Where can I find the password hashes in SAP? As already mentioned in the previous blog […]
SAP Cybersecurity: How Secure Are Your Passwords?

Cybersecurity is a topic that pretty much everyone is talking about at the moment. The discussion is often aimed at the infrastructure level, i.e. the security of networks and operating systems. However, the application level should not be forgotten either! One of the most important business application systems is often the company’s ERP system, which […]
Living from hand to mouth? How to run a first liquidity check on your customers

Having taken a look in our last two blog posts at the various accounts receivables and individual customers, we will now look at some simple statistics, examine the correlation between certain parameters and view the results as Excel charts. If you missed the last two blog posts, you can access them by clicking on the […]
When payments become a moral matter: How fast do your customers pay?

Analyzing the receivables accounts in SAP gives you an initial feel for how receivables are distributed. But it does not let you say anything in detail about the payment behavior of individual customers. For this reason, in this article, we will take a more in-depth look at individual customers and compare them with each other. […]
Do customers always pay on time?

In extreme cases, non-payments can cause companies to get into real trouble. That’s why we will be taking a closer look at this topic – one which is well known to auditors – over the course of the coming weeks. The end of the year is slowly but surely drawing near, and, for many companies, […]
Continuous Business Monitoring: An Approach to Enterprise Monitoring (Part 2)

Having already presented what Continuous Business Monitoring actually is, the benefits it provides for individual participants and having identified the drivers for its implementation, in this article, I will now present its different components, a procedure for its implementation and some examples of applications. Did you miss the first part of the two-part series? No […]
Continuous Business Monitoring: An Approach to Enterprise Monitoring

The monitoring of companies with regard to the regularity of financial reporting and risks that pose a danger to the ongoing existence of the company is one of the statutory duties of the boards of directors and managing directors of large corporations. The size and complexity of globally operating companies present management with the problem […]