Onapsis unpacks HANA security in new publication

Application security research firm Onapsis has released a new publication on SAP HANA security, which identifies how to correctly configure critical aspects of the HANA system, as well as how to properly audit the system.

The publication, SAP HANA System Security Review Part 2, also analyses SAP HANA Internal Communication Channels, and describes how to update the SAP HANA platform, noting the new improvements in each Support Package.

“Improperly configuring SAP HANA has a huge impact on security, as there are many aspects of this product that by default, in certain versions, do not have the most effective security measures in place. For example, Internal Communication Interfaces were not designed to be used by the end user and, therefore, do not include security measures such as encryption or authentication in versions prior to SPS10. If left unsecured, an attacker could access any communication ports to perform espionage, sabotage, and fraud attacks,” said Nahuel D. Sanchez, author and SAP security researcher, Onapsis.

This latest deep-dive publication follows on from SAP HANA System Security Review Part 1, which focuses on understanding the HANA layout.

SAP HANA System Security Review Part 2 is available for download at www.onapsis.com/research/publications/volume-xii-sap-hana-system-security-review-part-2.