{"id":9041,"date":"2020-03-23T22:18:00","date_gmt":"2020-03-23T21:18:00","guid":{"rendered":"https:\/\/139-162-136-174.ip.linodeusercontent.com\/?page_id=9041"},"modified":"2022-11-15T10:47:54","modified_gmt":"2022-11-15T09:47:54","slug":"sap-cybersecurity-self-assessment-tool-level-2-results","status":"publish","type":"page","link":"https:\/\/www.bowbridge.net\/en\/sap-cybersecurity-self-assessment-tool-level-2-results\/","title":{"rendered":"Level 2: Knowledge is Power \u2013 Target Reconnaissance"},"content":{"rendered":"<div class=\"wpb-content-wrapper\"><p>[vc_row css_animation=&#8221;qodef-element-from-fade&#8221;][vc_column][vc_column_text]<\/p>\n<h3 class=\"question-text\">1. In your opinion, what is the #1 tool to identify SAP systems exposed to the internet?<\/h3>\n<h4>Best Answer: b. Google<\/h4>\n<h4 class=\"answer-text\">For finding SAP systems connected to the internet, Google Advanced Search is a very powerful tool.<\/h4>\n<p>Many SAP systems are exposing the full application URL to the internet, so instructing google to search for splash pages or login pages with certain patterns in the URL will reveal \u2013 literally \u2013 tens of thousands of SAP systems with zero effort. 
Advanced searches and combinations of search terms help attackers narrow down their target list.<\/p>\n<p>Examples:<\/p>\n<div id=\"attachment_9043\" style=\"width: 510px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-9043\" class=\"wp-image-9043\" src=\"https:\/\/www.bowbridge.net\/wp-content\/uploads\/2020\/03\/google-ss-300x62.png\" alt=\"Advanced Google search\" width=\"500\" height=\"104\" srcset=\"https:\/\/www.bowbridge.net\/wp-content\/uploads\/2020\/03\/google-ss-300x62.png 300w, https:\/\/www.bowbridge.net\/wp-content\/uploads\/2020\/03\/google-ss-1024x212.png 1024w, https:\/\/www.bowbridge.net\/wp-content\/uploads\/2020\/03\/google-ss-768x159.png 768w, https:\/\/www.bowbridge.net\/wp-content\/uploads\/2020\/03\/google-ss-1536x319.png 1536w, https:\/\/www.bowbridge.net\/wp-content\/uploads\/2020\/03\/google-ss.png 1620w\" sizes=\"auto, (max-width: 500px) 100vw, 500px\" \/><p id=\"caption-attachment-9043\" class=\"wp-caption-text\">50K results for SAP Application Servers<\/p><\/div>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<div id=\"attachment_9045\" style=\"width: 510px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-9045\" class=\"wp-image-9045\" src=\"https:\/\/www.bowbridge.net\/wp-content\/uploads\/2020\/03\/google-ss2-300x62.png\" alt=\"\" width=\"500\" height=\"103\" srcset=\"https:\/\/www.bowbridge.net\/wp-content\/uploads\/2020\/03\/google-ss2-300x62.png 300w, https:\/\/www.bowbridge.net\/wp-content\/uploads\/2020\/03\/google-ss2-1024x211.png 1024w, https:\/\/www.bowbridge.net\/wp-content\/uploads\/2020\/03\/google-ss2-768x158.png 768w, https:\/\/www.bowbridge.net\/wp-content\/uploads\/2020\/03\/google-ss2-1536x316.png 1536w, https:\/\/www.bowbridge.net\/wp-content\/uploads\/2020\/03\/google-ss2.png 1602w\" sizes=\"auto, (max-width: 500px) 100vw, 500px\" \/><p id=\"caption-attachment-9045\" class=\"wp-caption-text\">15K for SAP 
NetWeaver Portal Servers<\/p><\/div>\n<p>&nbsp;<\/p>\n<p><strong>Recommendation:<\/strong> Customers should implement URL rewriting to hide any reference to SAP applications in the external-facing URLs and in links within the HTML of web-facing SAP applications.<\/p>\n<p>Advanced Web Application Firewalls \u2013 or even better &#8211; bowbridge Secure Web Dispatcher for SAP applications (targeted for release in Q3\/2020) can perform those translations.[\/vc_column_text]<div class=\"qodef-separator-holder clearfix  qodef-separator-center\">\r\n\t<div class=\"qodef-separator\" style=\"border-color: #cccccc;border-width: 1pxpx;margin-bottom: 50px\"><\/div>\r\n<\/div>\r\n[\/vc_column][\/vc_row][vc_row css_animation=&#8221;qodef-element-from-fade&#8221;][vc_column][vc_column_text]<\/p>\n<h3 class=\"question-text\">2. In April 2019, hackers released several exploits (collectively referred to as 10KBLAZE by Onapsis) targeting SAP business applications by uploading these exploits to a public forum. These vulnerabilities primarily target:<\/h3>\n<h4>Best Answer: b. Insecure default configurations of on-premise SAP Gateway and SAP Message Server<\/h4>\n<h4 class=\"answer-text\">Insecure default configurations of on-premise SAP Gateway and SAP Message Server.<\/h4>\n<p>These SAP exploits released in April 2019 primarily target insecure default configurations of on-premise SAP Gateway and SAP Message Server, two components that many SAP business applications use, and that are common in many environments.<\/p>\n<p>And yet, these configuration issues exist even in new SAP implementations in the cloud. Why? Because companies are not migrating SAP to the cloud with security in mind. 
For most organizations, basic SAP security is a huge challenge, and many don\u2019t even understand what they face in the realm of cloud security.[\/vc_column_text]<div class=\"qodef-separator-holder clearfix  qodef-separator-center\">\r\n\t<div class=\"qodef-separator\" style=\"border-color: #cccccc;border-width: 1pxpx;margin-bottom: 50px\"><\/div>\r\n<\/div>\r\n[\/vc_column][\/vc_row][vc_row css_animation=&#8221;qodef-element-from-fade&#8221;][vc_column][vc_column_text]<\/p>\n<h3 class=\"question-text\">3. What percentage of SAP implementations allow users to upload Microsoft Office documents containing potentially malicious macros?<\/h3>\n<h4>Best Answer: d. 87%<\/h4>\n<h4 class=\"answer-text\">87% of SAP implementations allow users to upload Microsoft Office documents containing potentially malicious macros.<\/h4>\n<p>In bowbridge&#8217;s <a href=\"https:\/\/explore.bowbridge.net\/sap-e-recruiting-is-your-recruitment-application-secure\" target=\"_blank\" rel=\"noopener noreferrer\">research and testing<\/a>, we\u00a0discovered\u00a0that\u00a087% of the implementations we tested allowed uploading of Office documents with macros\u00a0in the old format (CDF, pre-Office 2007) and 33% allowed uploading of documents with macros in the new format (OOXML).<\/p>\n<p>In 99% of cases, simply blocking all macros in uploads into SAP applications is the most efficient prevention. The time saved by using macros for task automation is simply not worth the massive risk macros present to your cybersecurity, not just as pertains to SAP, but for your entire system. 
In addition to blocking macros, having an\u00a0<a href=\"https:\/\/139-162-136-174.ip.linodeusercontent.com\/en\/anti-virus-for-sap-solutions\/\" target=\"_blank\" rel=\"noopener noreferrer\">anti-virus solution<\/a>\u00a0specifically designed for SAP\u2019s unique structure provides added protection.[\/vc_column_text][vc_empty_space height=&#8221;50px&#8221;][vc_column_text css=&#8221;.vc_custom_1585228983304{padding-top: 20px !important;padding-right: 20px !important;padding-bottom: 20px !important;padding-left: 20px !important;background-color: #f4f4f4 !important;}&#8221;]<\/p>\n<h5>So, how did you do? If you got all the answers right, well done! This next level, however, will really test your mettle \u2013 and your readiness for an intrusion on your SAP system. All set? Let\u2019s go!<\/h5>\n<p>[\/vc_column_text][vc_empty_space height=&#8221;20px&#8221;][\/vc_column][\/vc_row][vc_row content_aligment=&#8221;right&#8221;][vc_column width=&#8221;1\/4&#8243;][\/vc_column][vc_column width=&#8221;1\/2&#8243;][\/vc_column][vc_column width=&#8221;1\/4&#8243;]<a href=\"https:\/\/139-162-136-174.ip.linodeusercontent.com\/en\/sap-cybersecurity-self-assessment-tool-level-3\" target=\"_self\" style=\"color: #006eaa;background-color: #ffffff;border-color: #006eaa;font-size: 16px;margin: 22px 0px\" class=\"qodef-btn qodef-btn-medium qodef-btn-default qodef-btn-custom-hover-bg qodef-btn-custom-border-hover qodef-btn-custom-hover-color qodef-btn-icon\" data-hover-bg-color=\"#006eaa\" data-hover-color=\"#ffffff\" data-hover-border-color=\"#006eaa\" >\n        <span class=\"qodef-btn-text\">Level Up!<\/span>\n    <span class=\"qodef-btn-text-icon\"><i class=\"qodef-icon-font-awesome fa fa-angle-double-right \" ><\/i><\/span>\n<\/a>[\/vc_column][\/vc_row][vc_row][vc_column][vc_empty_space height=&#8221;60px&#8221;][\/vc_column][\/vc_row]<\/p>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>[vc_row 
css_animation=&#8221;qodef-element-from-fade&#8221;][vc_column][vc_column_text] 1. In your opinion, what is the #1 tool to identify SAP systems exposed to the internet? Best Answer:&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"content-type":"","footnotes":""},"class_list":["post-9041","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/www.bowbridge.net\/en\/wp-json\/wp\/v2\/pages\/9041","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.bowbridge.net\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.bowbridge.net\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.bowbridge.net\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.bowbridge.net\/en\/wp-json\/wp\/v2\/comments?post=9041"}],"version-history":[{"count":16,"href":"https:\/\/www.bowbridge.net\/en\/wp-json\/wp\/v2\/pages\/9041\/revisions"}],"predecessor-version":[{"id":9784,"href":"https:\/\/www.bowbridge.net\/en\/wp-json\/wp\/v2\/pages\/9041\/revisions\/9784"}],"wp:attachment":[{"href":"https:\/\/www.bowbridge.net\/en\/wp-json\/wp\/v2\/media?parent=9041"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}