bowbridge Blog

Announcement: bowbridge to Present at SAPinsider Events

Oct 19, '17 / by Joerg Schneider-Simon

Staying on top of SAP cybersecurity requires unceasing vigilance. This year’s SAPinsider Events offer an excellent opportunity to learn the latest news on the industry’s biggest threats and smartest best practices.

Continue Reading

Where Cybercrime Against SAP is Bought and Sold

Oct 17, '17 / by Joerg Schneider-Simon

October is Cybersecurity Awareness Month. We take a look at the explosive growth of cybercrime as a service and how it puts your SAP system at risk.

We live in an age where we can outsource just about anything. From virtual assistants to lawn care services, all it takes is a quick online search to find people willing to do the jobs we want to offload.

Even if that job is cybercrime.

Continue Reading

A Bad Cup of Java: Why Active Content Can Threaten SAP With XSS Attack

Oct 11, '17 / by Joerg Schneider-Simon

Technology security professionals see a staggering variety of cyberattacks and are constantly on guard for new threats on the horizon. But even the most weathered IT pro feels a rise in blood pressure when they hear this phrase: cross-site scripting.

Continue Reading

SAP Security News: SAP Addresses E-Recruiting Vulnerability

Sep 21, '17 / by Joerg Schneider-Simon

SAP recently issued a security note addressing a vulnerability in the SAP E-Recruiting application:

Continue Reading

Alert: New SAP Security Notes on CRM and SRM Applications

Aug 29, '17 / by Joerg Schneider-Simon

Many businesses rely on SAP CRM (Customer Relationship Management) and SRM (Supplier Relationship Management) applications to manage workflows, standardize processes and centralize data. But, while these applications are eminently useful, they might be putting your business at risk.

Continue Reading

Why Even the Best Anti-Virus Program Can’t Protect SAP Systems

Aug 7, '17 / by Joerg Schneider-Simon

Petya. No-Petya. WannaCry. Locky. The names alone are enough to make any IT professional’s senses leap to high alert.

Continue Reading

Cybersecurity and SAP E-Recruiting: Are You Protected? [Infographic]

Jul 19, '17 / by Joerg Schneider-Simon

Considering how SAP systems are often interlinked with critical financial data, human resources records, and even vital infrastructure, a cyberattack could be devastating.

Continue Reading

Malicious File Uploads: The Wolves in Sheeps’ Clothing

Jul 12, '17 / by Joerg Schneider-Simon

Sharing files is a common part of any company’s day. Documents are shared between departments, invoices are sent from suppliers, and resumes are sent from candidates. Departments such as Accounts Receivable, HR, Procurement, and more all handle large volumes of file uploads.

Unfortunately, cyberattacks are often lurking in the files that we recognize, trust, and open daily. What kind of files? The ones we tend to trust most: Microsoft Office files, images, and PDFs.

These are our invoices, our resumes, our receipts, our purchase orders — all the documents we access and use every day, and that we upload to SAP every day.

Continue Reading

Cybersecurity for SAP Managers: Directory Traversal Attacks

May 9, '17 / by Joerg Schneider-Simon

Directory traversals are one of the most common SAP cybersecurity attacks, accounting for 20% of the security notes published by SAP. In these attacks, cybercriminals gain unwanted access to sensitive files or system directories, potentially resulting in a complete system compromise.

This post is the fourth in an ongoing series to educate SAP managers about common cybersecurity threats. Previous posts have covered such major threats as denial of service (DoS) attacks, injection attacks and cross-site scripting (XSS). Today, we’re focusing on the widespread damage directory traversal attacks can wreak on SAP systems – and how to protect against them.

Continue Reading

Cybersecurity for SAP Managers: Injection Attacks

Apr 13, '17 / by Joerg Schneider-Simon

External cybersecurity threats pose a very real risk to SAP systems of all sizes. One of the most common vehicles for hackers is the injection attack – both SQL injections and OS command injections. Preventing these attacks requires proactive strategies and a comprehensive SAP cybersecurity solution.

We’ve recently been publishing a series of posts to educate SAP Managers about these security threats, including denial of service (DoS) attacks and cross-site scripting (XSS). In this post, we’re investigating the threats behind SQL and OS command injections, along with best practices to protect your organization.

Continue Reading

Don't miss the latest SAP security news