It's full of stars!


security

SAP

Marketing first, data privacy last

SAP announced a new product and held a major online event to promote it. For anyone following the SAP world even a little, it was hard to avoid the marketing hype around the Business Unleashed event. Registration was open to everyone with a business e-mail address. The target group was Read more…

By Tobias Hofmann, 3 months ago (February 14, 2025)
SAP UI5

Breaking changes in UI5 – PDFViewer

Updating SAPUI5 should not introduce breaking changes. UI5 uses semantic versioning, and as long as the major release does not change, you should be safe: update UI5 and automatically get the latest features, while your old apps continue to work. The app might drift away further and further from the Read more…

By Tobias Hofmann, 10 months ago (July 30, 2024)
REST

Nothing is secure

It is the year 2024 and yet there are people believing that there is such a thing as secure software. Customers that commission an app and expect it to be secure. Large / mid / small partners, freelancers or developers that promise secure apps. End users that expect secure apps. Read more…

By Tobias Hofmann, 11 months ago (June 14, 2024)
SAP Security

API first – Account enumeration as a service

Attention: SAP changed the service. To find out if a user is valid, you have to add "check" at the end. "Verify" was replaced by "check". The URL is now: https://core-api.account.sap.com/uid-core/employee/<id>/check In my previous blog post I wrote about my experience regarding SAP Universal ID logon. To my surprise SAP Read more…

By Tobias Hofmann, 1 year ago (January 17, 2024)
SAP

Enabling a discrepancy factor by enabling user enumeration

Account enumeration: For a long time, SAP thought that a user ID should contain a number (and still does). The D, I, C or S-Users are based on a number, and so are the P-Users everyone was able to get by registering at SCN. Enabling attackers to guess a valid Read more…

By Tobias Hofmann, 1 year ago (January 10, 2024)
SAP Security

Data leakage at SAP exposed user data. Again.

It was super easy to get access to a list of almost 6.900 names and e-mail addresses from SAP employees, partners and customers. No hacking needed, you just had to click links and know a few things. The list contains a handful of duplicates, test names or generic names. From Read more…

By Tobias Hofmann, 2 years ago (October 11, 2023)
SAP

Access to internal SAP Help site

Using Google to find SAP-related documentation is a daily task. When I was searching for some Fiori Launchpad information, I was using Google Search. One of the search results directed me to SAP Help and the Fiori Launchpad documentation. The link is: https://help.sap.com/docs/SAP_FIORI_LAUNCHPAD?locale=en-US The page is not hidden under Read more…

By Tobias Hofmann, 2 years ago (September 21, 2023)
SAP

SAP Cloud Availability Service

The app no longer allows external users (like S-Users) to log on. While the public page of the app is accessible, you cannot read any evaluations or other data. SAP acted very quickly here and tightened the SSO access in just a few hours. The Read more…

By Tobias Hofmann, 2 years ago (September 13, 2023)
Technology

Presentation Sicherheit 8. HANA Tech Night

Event information. Location: 8. HANA Tech Night, Mafinex, Mannheim. Date: 27.06.2023. Site: Event website. Title: Sicherheit. Presentation: PDF. Additional information: There is no general solution to the problem of security. Every situation is unique. Nevertheless, and precisely for that reason: prepare for the worst. There is no super secure software. That is Read more…

By Tobias Hofmann, 2 years ago (July 13, 2023)
SAP

Stretching access to training material in SAP Learning Hub

In this post I will explain how to access SAP Learning Hub (LH) training material PDFs that are not part of your subscription. You’ll need to have a valid LH solution subscription to be able to access training material not part of your subscription. For those not familiar with LH: Read more…

By Tobias Hofmann, 2 years ago (February 1, 2023)
