Typically, SAP system landscapes consist of at least three systems - production, quality assurance and development.
SAP Transport Management is used to manage the delivery of development objects, patches, and roles to ensure your organisation has a consistent update level throughout the whole landscape.
Usually, users in development systems, such as transport management, have a wide range of authorisations to analyse and fix. Additionally, they often need to be authorised to attach changes into a transport system and deliver them to subsequent systems.
This inevitable concept is also a massive threat in several layers. It means even the most restricted production system can be easily changed by the user, especially if you aren’t paying attention to the whole landscape.
In this session, Ralf Kempf will introduce you to the threats within an SAP Transportation System. He will also demonstrate these threats and discuss the different security layers to minimise weak points, detect possible threats and show the limits of SAP built-in tools.
Transports are an essential part of an SAP environment. They are used to transfer changes from one system to another, to implement new functions, apply updates, and install third-party applications. Change management in SAP is impossible without transports.
However, there are also a large number of potential security risks in the context of transports; compliance requirements can be circumvented, or other unwanted activities can be concealed. Therefore, transports into SAP systems should always be controlled.
A manual content check of all transports, however, is not a practical option because of the sheer volume of data. By using a tool-based analysis, this effort can be significantly reduced, and transports can be automatically checked for security, compliance, and quality issues even before they are released.
Vice President ABAP Arch
Pathlock
Ralf has about 25 years of experience in SAP security services and software development. Together with his team of international security experts, he specialises in analysing and securing business applications and especially complex SAP systems.
Director of Grey Monarch
Grey Monarch
David Lloyd is a co-founder of Grey Monarch, who specialize in SAP security, threat detection, vulnerability management, access controls, compliance and audit.
David Lloyd, Ralf Kempf and Clemens Guetter presented How to Handle the Threats within SAP Transport Management on Wednesday 9th November 2022.
Uploaded 1 year ago (09-11-2022)
Sponsor Resource: Pathlock
Event: How to Handle the Threats within SAP Transport Management
Our latest insights and thoughts