Solved: Web GUI security precautions

pakula123 · ‎05-17-2016

Hi SAP personas team, Security topic:Since Web GUI works on browser and we use Scripting (Via BAPI's) What are the security precautions one should consider? When i did some research i found this link https://erpscan.com/wp-content/uploads/presentations/2012-Kuwait-InfoSecurity-Top-10-most-interestin... What steps did SAP take to avoid vulnerable attacks via Internet. Could you please send us the important notes that we can look in to if any Kindly suggest. Best regards, pradeep.

cris_hansen · ‎05-17-2016

Hi Pradeep,

You probably read about the SAP Security Notes. Please go ahead and check the notes published at the SAP One Support Portal. You will need assistance from your Security team to assess whether a note is required in your system or not.

So, the SAP Security Notes will be updated as soon as a particular vulnerability is found and fixed. This is the resource you need to use to prevent risks.

Kind regards,

Cris

cris_hansen · ‎05-17-2016

Hi Pradeep,

You probably read about the SAP Security Notes. Please go ahead and check the notes published at the SAP One Support Portal. You will need assistance from your Security team to assess whether a note is required in your system or not.

So, the SAP Security Notes will be updated as soon as a particular vulnerability is found and fixed. This is the resource you need to use to prevent risks.

Kind regards,

Cris

pakula123 · ‎05-17-2016

Thank you Cristiano .Your reply was at the speed of HANA . Best regards, pradeep.

cris_hansen · ‎05-17-2016

Hi Pradeep.

I am here to help. Not always as fast as HANA.

All the best,

Cris

pakula123 · ‎05-17-2016

Hi Cristiano , I tried to open the link that you have sent.It took us to general place where we check the notes , Can you be more specific about the note numbers that we need to implement for Personas ? Best regards, pradeep.

cris_hansen · ‎05-18-2016

Hi Pradeep,

You need to check the list from time to time, looking for BC-FES-ITS, BC-FES-WGU and BC-PER notes.

Kind regards,

Cris

tamas_hoznek · ‎05-18-2016

If you have SP03 installed, the new Notes Checker feature makes it easy to verify whether the required notes are implemented. If there are any new notes identified as required regarding security and relevant for Personas, this tool will recognize that and tell you if anything is missing.

However this relies on the Personas team getting notified about such notes so that we can make sure the Notes Checker knows about them. We try our best to keep up with this of course but in some cases it is possible that a note only applies to certain situations therefore it cannot be made required for all customers. In such cases, the local basis team has to determine whether the note should be implemented.

former_member596519 · ‎06-30-2022

Dear Tamas,

I hope you are doing good! Though, this question seems to be old, but I have a similar request: I was told that SAP Security team is recommending to keep the ITS-WEBGUI node deactivated. But for Screen Personas to work, according to this link, it has to be active. Is this a known issue and already resolved with one of the mentioned notes?

Thank you for the support and a big hello to the rest of the team!

BR Aleks

Former Member · ‎05-18-2016

Why not use Solution Manager to pull the available SAP Notes for any given system? See attached Screen Shot.

Cheers,

Dan Mead

pakula123 · ‎05-19-2016

Thank you for you note Daniel. I forwarded this info to concerned team. Best regards, pradeep.