Redirections: How They Threaten SAP Cybersecurity
Apr 4, '18 by Joerg Schneider-Simon
Anybody who has ever visited a web page has likely been redirected at some point, such as when an old link is redirected to an updated one, or when visiting a “My Account” page redirects to the login page. This is common in apps as well: when logging into a banking app, for example, a redirect might bring the user to a page promoting a new service.
Redirections can be helpful, steering app users and website visitors away from dead ends and toward the information or functions that they seek.
However, when redirections are used maliciously, they can cause serious damage. And if that damage is aimed at mission-critical SAP systems, it could jeopardize the company’s security, reputation, and even its very future.
How Do Redirections Happen?
Redirects use code that names the URL to which the visitor should be sent. Usually that URL is fixed by the application itself. However, when the application takes the destination from a URL parameter or a hidden form value without validating it, the result is a so-called Open Redirect Vulnerability.
Attackers exploit these vulnerabilities by injecting a malicious URL into those parameters and redirecting victims to URLs that will ultimately cause them harm.
The attack usually takes one of two forms:
These are emails from legitimate-looking sources, with a link that appears to point to the correct domain. However, in the middle of the URL are parameters that change the link destination. To be extra devious, some cyberattackers will manipulate the code so the victim is first taken to a legitimate login page, and THEN redirected to a fake website where the victim is asked to re-enter their password. Once that’s happened, the victim is sent back to the legitimate website, with no idea that their username and password have just been stolen.
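The two sides of the open-redirect problem described above, as an added example that is not part of the original post: a redirect handler that takes its destination straight from a parameter, its hardened counterpart, and a defender-side check that spots the “legitimate domain with an off-site redirect parameter in the middle” pattern used in the phishing e-mails. The hosts, the `next` parameter and the sample link are constructed for this demo.

```python
from urllib.parse import parse_qsl, urljoin, urlsplit

# Constructed values for this example: the application's own origin and the
# hosts a redirect is allowed to land on (not taken from the original post).
APP_BASE = "https://portal.example.com"
ALLOWED_HOSTS = {"portal.example.com", "fiori.example.com"}
FALLBACK = "/home"


def vulnerable_redirect(next_param: str) -> str:
    """The open-redirect pattern: the destination comes straight from a parameter."""
    return next_param


def safe_redirect(next_param: str) -> str:
    """Return a redirect target that stays on an allow-listed host, else FALLBACK."""
    if not next_param:
        return FALLBACK
    # Browsers treat backslashes as slashes, so normalise before parsing.
    candidate = next_param.strip().replace("\\", "/")
    parts = urlsplit(candidate)
    if parts.scheme or parts.netloc:
        # Absolute or scheme-relative ("//host") URL: require https, an
        # allow-listed host and no userinfo ("trusted@evil") in front of it.
        if parts.scheme != "https" or parts.hostname not in ALLOWED_HOSTS:
            return FALLBACK
        if "@" in parts.netloc:
            return FALLBACK
        return candidate
    # Relative target: a single-slash-rooted path only. "///host" parses with an
    # empty netloc here but browsers still read it as a host, so reject it.
    if not candidate.startswith("/") or candidate.startswith("//"):
        return FALLBACK
    # Resolving against APP_BASE collapses dot-segments and pins the host.
    return urljoin(APP_BASE + "/", candidate)


def external_redirect_params(link: str) -> list[tuple[str, str]]:
    """Defender-side check for a link seen in an e-mail: list the query parameters
    whose value is a URL pointing off the link's own host (the phishing pattern)."""
    link_host = urlsplit(link).hostname
    findings = []
    for name, value in parse_qsl(urlsplit(link).query, keep_blank_values=True):
        target = urlsplit(value.replace("\\", "/"))
        if target.netloc and target.hostname != link_host:
            findings.append((name, value))
    return findings
```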
How Do Redirections Affect SAP?
Since both SAP applications and the SAP Fiori user interface let users enter information and upload files, the last thing any cybersecurity professional wants is for end users’ credentials to be compromised or their devices to wind up teeming with malware.
If cyberattackers gain access to SAP applications via stolen login information, they can then insert malicious code into these applications, pulling off cross-site scripting (XSS) attacks, directory traversal attacks, and SQL injections.
If users’ devices are infected with malware, they could inadvertently upload infected attachments to SAP applications like CRM, SRM, or ERP, where the malware can then quickly spread and possibly impact vital data and systems.
How Can You Protect Your SAP System?
The bad news is that unless every single website administrator tightens up their redirect code, malicious redirects will keep happening.
The good news is this doesn’t have to affect your SAP system.
By implementing robust SAP cybersecurity solutions made specifically for SAP’s unique structure, companies can easily detect and block any malicious code from affecting their applications and any damaging malware from accessing their system.