Common Vulnerabilities and Exposures (CVE) – All you need to know (30min)

In the September edition of the monthly webinar Defeat the Hackers, the INDUS Security Special Interest Group hosted Shipra Aggarwal and Bibin Mathew from SAP Labs India, Bangalore.

Two topics were covered in this month’s session:

  1. Critical SAP Security Notes Released this Quarter
  2. CVE (Common Vulnerabilities and Exposures)

Critical SAP Security Notes Released this Quarter

Bibin presented the new critical patches that were released this quarter (July 2020 – Sep 2020) and that customers should apply with high priority. The session covered these critical patches in more detail, including:

  • Products affected
  • Impact
  • Availability of workarounds & FAQs

Please refer to the slides and recording for more information.

CVE (Common Vulnerabilities and Exposures)

Shipra shared the importance of CVE (Common Vulnerabilities and Exposures) for SAP customers in enhancing the security posture of their landscapes.

The session provided an overview of the need for CVEs for software security vulnerabilities. Shipra also spoke about how and when SAP became a CVE Numbering Authority and the benefits of doing so.

She also shared some practical tips on making the best use of CVEs.

In addition, the session covered the following aspects:

  • What CVEs are and why we need them
  • How SAP assigns CVE-IDs for its patched security vulnerabilities
  • Understanding the CVE entry from MITRE and NVD
  • How customers can make use of CVEs to consume SAP patches effectively

Some of the resources that she shared are as below:

Best Practices to Secure your SAP Custom Code

In the July edition of the monthly webinar Defeat the Hackers, the INDUS Security Special Interest Group hosted Natascha Lalor from SAP Ireland. She shared the importance of having a Secure Software Development Lifecycle for custom code applications.

The session provided an overview of the various tools at SAP that can be used to secure custom code. In the session, Natascha also explained the processes that should be in place to make sure your custom applications are secure. She also shared best practices that will help to secure custom applications right from the start.

The session gave an overview of:

  • Software security vulnerability situation today
  • Application security testing solutions at SAP
  • ABAP Test Cockpit
  • SAP Code Vulnerability Analyzer
  • Custom Code Management Tools
  • Threat Modelling

You can find the recording here.

You can find the slides here.