
Vulnerability tool for SAP PI

iaki_vila
Active Contributor
0 Kudos

Hi friends,

I'm searching for a tool to help detect vulnerabilities in a SAP PI environment. I know some good practices, like PI in MZ zone and a firewall to let the Internet communications and so on, but I need a tool to automate the process. For example, I know HTTPS is more secure than HTTP, but I need a tool that tells me about this problem as a potential risk.

For ABAP code or the NW ABAP stack, I found tools to detect problems like SQL injection in the code in this document http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/b07a908d-6d45-3110-18b0-88d3ad772...

Does anybody know a SAP or third-party tool for this purpose?

Regards.

Accepted Solutions (1)


Former Member
0 Kudos

Hi Inaki,

You should look at addressing security at various levels. Obviously, as you mentioned, the placement of your PI in your network. I will provide you a few tips on multi-level security:

1. Network - network firewall, close all ports except those that matter, e.g. for inbound, only allow traffic from trusted partners/sites.

2. Transmission - Only allow secure channels (e.g. VPN, HTTPS, SNC, HTTPS on VPN to be sure, etc.); the higher the encryption level the better.

3. Intrusion detection and prevention - there are a number of great products out there, or you can look at Snort.

4. Even if you are protected by an app-level password, only serve resources that are needed - this is where ACL/whitelisting/permission tables, etc., whatever is available on which channel, come into play.

and other clever things you can do

Also follow Onapsis, they usually poke SAP on vulnerabilities

Applying latest security notes and regular patching are a must

Cheers

Donald

Answers (2)


iaki_vila
Active Contributor
0 Kudos

Hi all,

With SAP Solution Manager I've seen a good set of tools for the SAP NetWeaver platform: https://support.sap.com/content/dam/library/support/support-programs-services/support-services/SIS26...


Any other tool recommendation will be appreciated.


Regards.

AnilDandi
Active Participant
0 Kudos

Hi Iñaki

Not a tool, but rather a pointer... search notes with title "Briefing at Black Hat conference" and check them along with related notes section. These notes list widely known vulnerabilities and SAP's fixes or mitigation plans.

regards

Anil

Former Member
0 Kudos

Hi Inaki,

Not sure if there is a tool available to detect vulnerabilities. However, I think SAP keeps the customers updated on all vulnerabilities through SAP Hot News, like the Poodle vulnerability note below.

2092630 - Turning off SSLv3 on SAP NETWEAVER AS ABAP and AS JAVA, and on SAP HANA XS


Regards,

Sriram