Uncovering SAP BTP Attack Vectors

AI and Responsibility: Securing SAP's Digital Core

When AI agents decide, who answers the auditor? TAKEAWAYS Why tracing and auditing every AI agent decision is an audit requirement, not optional How AI makes SAP's existing attack surface more visible, not bigger The shift from humans executing tasks to humans managing agents managing agents Why organizations need AI to scale defenses against automated attacks Risk management frameworks for deploying AI in SAP (NIST, OWASP Top 10, ISO 27001) HOST & GUEST: Waseem Ajrab – Host: Head of Security Advisory, NO MONKEY José Marquez – Guest: Chief AI Officer, SAP Practice at PwC US CHAPTERS 02:11 José's journey from ABAP developer to Chief AI Officer 04:00 How AI agents change SAP from execution to decision making 07:57 Why AI makes attack surfaces more visible, not expanded 09:28 Autonomous AI agents and the accountability challenge 12:47 Tracing, logging, and auditing: The audit question every organization will face 17:17 Common gaps when organizations have high AI ambition but low governance 18:46 Standards for monitoring AI agents like human employees 22:07 AI's impact on security operations and automated attacks 31:26 The new role: Humans managing agents managing agents 33:33 Risks of over-reliance on AI-driven security decisions 40:56 Protecting SAP's digital core with AI risk governance 44:53 Balancing automation, human oversight, and organizational strategy 45:22 The biggest opportunity (scale) vs. the biggest risk (forgetting how to think critically) New episodes drop regularly, featuring conversations with cybersecurity experts, SAP practitioners, and industry leaders who've been in the trenches. No vendor pitches. No fluff. Just actionable insights you can apply today. Because curiosity is free – but recovery isn't.

Why SAP Is Still a Goldmine for Attackers

Discover what 20 years of vulnerability research reveals about SAP security TAKEAWAYS • Discover why SAP obscurity no longer works as security • Learn what attackers exploit in real SAP penetration tests • Understand the business impact of SAP breaches (real cases) • Identify common patterns that leave SAP systems vulnerable • Adopt the "assume breach" mindset for SAP environments HOST & GUEST: Waseem Ajrab – Host: Head of Security Advisory, NO MONKEY Joris Van De Vis – Guest: Director Security Research, Security Bridge Chapters 03:06 The Journey into SAP Cybersecurity 05:54 Complexity as a Double-Edged Sword 09:01 The Business Impact of SAP Breaches 12:12 Common Vulnerabilities in SAP Systems 14:54 The Importance of Monitoring and Patching 18:03 The Challenge of Legacy Systems 20:50 The Human Factor in SAP Security 24:55 The Human Element in Technology 27:00 Understanding Compliance vs. Security 30:04 Cloud Migration Myths and Realities 34:15 Identifying Patterns in Vulnerabilities 41:51 Mindset Shift: Assume Breach 43:09 Innovations in SAP Security Tools New episodes drop regularly, featuring conversations with cybersecurity experts, SAP practitioners, and industry leaders who've been in the trenches. No vendor pitches. No fluff. Just actionable insights you can apply today. Because curiosity is free – but recovery isn't.

Navigating C‑Level Executives Through SAP Cybersecurity

How to get SAP security on the board agenda, when ransom attacks are louder but SAP is more critical. TAKEAWAYS * SAP security has evolved significantly since 2012. * Continuous security is essential for effective SAP risk management. * Organizations often rely too heavily on audits for security. * There is a gap in communication between technical teams and C-level executives. * Proactive measures can prevent significant security incidents. * AI can enhance both security measures and threat detection. * Transparency in security practices is crucial for effective management. * Organizations need to start addressing glaring security issues immediately. * The complexity of SAP systems requires specialized security approaches. * Security is a continuous process, not a one-time project. CHAPTERS 03:00 The Evolution of SAP Security 06:05 Challenges in SAP Cybersecurity 09:06 The Role of C-Level in Cybersecurity 11:58 Understanding SAP Cyber Risk 15:12 Bridging the Gap in Cybersecurity Communication 24:00 Understanding SAP Security Risks 29:59 The Role of Audits in Cybersecurity 35:55 Continuous Security: A Proactive Approach 41:56 Bridging the Gap Between Cybersecurity and SAP 48:04 Future Trends in SAP Security HOST & GUEST: * Waseem Ajrab – Host, NO MONKEY * Christoph Nagy – Guest, Security Bridge CONNECT WITH US: Website: https://www.no-monkey.com/ [https://www.no-monkey.com/] LinkedIn: https://www.linkedin.com/company/no-monkey/ [https://www.linkedin.com/company/no-monkey/] Subscribe to stay updated on SAP security!

Building Modern SAP SOC

The Role of Offensive Mindset in Cyber Defense TIMESTAMPS: 03:00 - Maxim's Journey into Cyber Defense 05:44 - The Evolving Mindset of SOC Operations 08:28 - The Role of Education in Cybersecurity 11:02 - Understanding SAP's Unique Challenges in SOC 13:42 - Effective Detection Strategies for SAP Systems 16:27 - Building a Threat Hunting Framework 18:46 - The Future of Threat Hunting and SOC Operations 21:07 - Understanding Threat Hunting in SAP Environments 24:30 - Compliance vs. Security: A Critical Distinction 28:11 - Reactive vs. Proactive SOC Teams 32:08 - Bridging the Gap: SOC Analysts and SAP Experts 35:45 - Implementing SAP Security in SOC Operations HOST & GUEST: * Waseem Ajrab – Host, NO MONKEY * Maxim Deweerdt – Guest, NVISO KEY TAKEAWAYS: * Understanding the adversary's goals is crucial for SOC operations * Proactive SOC teams assume compromise and focus on detection * SAP is often treated as a black box in SOCs due to complexity * Effective detection requires collaboration between SAP and SOC teams * Quality of detection rules is more important than quantity * Compliance and security should be clearly differentiated CONNECT WITH US: Website: https://www.no-monkey.com/ [https://www.no-monkey.com/] LinkedIn: https://www.linkedin.com/company/no-monkey/ [https://www.linkedin.com/company/no-monkey/] Subscribe to stay updated on SAP security!

Uncovering SAP BTP Attack Vectors

Navigating the Complexities of SAP Cybersecurity TIMESTAMPS: 03:45 - Transitioning to Cloud: Impact on Security 07:26 - Understanding SAP BTP: Basics and Structure 11:02 - Exploring BTP Environments 14:30 - The Role of ABAP in BTP 16:53 - Shared Responsibility in Cloud Security 22:27 - The Attackers Playbook and Pentesting 23:54 - Understanding SSH and Security in Cloud Foundry 27:35 - Service Keys and Their Risks 30:38 - Best Practices for Application Security 34:14 - Exploring Kyma and Cloud Connector Security 40:55 - Top Recommendations for Reducing BTP Risk HOST & GUEST: * Waseem Ajrab – Host, NO MONKEY * Julian Petersohn – Guest, Fortinet KEY TAKEAWAYS: * BTP is essential for modern SAP security * Misconfigurations are a leading cause of vulnerabilities * Shared responsibility is crucial in cloud environments * Monitor your applications continuously * Develop applications with security in mind * Regularly update and patch systems CONNECT WITH US: Website: https://www.no-monkey.com/ [https://www.no-monkey.com/] LinkedIn: https://www.linkedin.com/company/no-monkey/ [https://www.linkedin.com/company/no-monkey/] Subscribe for more SAP security insights!